US-CERT Bulletin (SB22-325): Vulnerability Summary for the Week of November 14, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aiphone — gt-dmb-n_firmware | Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. | 2022-11-14 | 7.5 | CVE-2022-40903 MISC MISC |
amazon — opensearch | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue. | 2022-11-15 | 9.8 | CVE-2022-41918 MISC CONFIRM |
amazon — opensearch_notifications | OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin’s intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. | 2022-11-11 | 8.7 | CVE-2022-41906 MISC CONFIRM MISC |
apache — airflow | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. | 2022-11-14 | 8.8 | CVE-2022-40127 MISC MISC MLIST |
apache — airflow | A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. | 2022-11-14 | 7.5 | CVE-2022-27949 MISC MISC MLIST |
apache — archiva | If anonymous read is enabled, it’s possible to read the database file directly without logging in. | 2022-11-15 | 7.5 | CVE-2022-40308 CONFIRM MLIST |
apache — sshd | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. | 2022-11-16 | 9.8 | CVE-2022-45047 CONFIRM |
archesproject — arches | Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it’s possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. | 2022-11-11 | 9.8 | CVE-2022-41892 CONFIRM |
atlassian — bitbucket | There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. | 2022-11-17 | 9.8 | CVE-2022-43781 MISC MISC |
atlassian — confluence_data_center | The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. | 2022-11-15 | 7.5 | CVE-2022-42977 MISC |
atlassian — confluence_data_center | In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. | 2022-11-15 | 7.5 | CVE-2022-42978 MISC |
atlassian — crowd | Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd’s REST API under the `usermanagement` path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is `none` by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3. | 2022-11-17 | 9.8 | CVE-2022-43782 MISC |
automattic — crowdsignal_dashboard | Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. | 2022-11-17 | 8.8 | CVE-2022-45069 CONFIRM |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_mechanic. | 2022-11-18 | 7.2 | CVE-2022-44378 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. | 2022-11-18 | 7.2 | CVE-2022-44379 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. | 2022-11-17 | 7.2 | CVE-2022-44402 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. | 2022-11-17 | 7.2 | CVE-2022-44403 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. | 2022-11-18 | 7.2 | CVE-2022-44413 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. | 2022-11-18 | 7.2 | CVE-2022-44414 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. | 2022-11-18 | 7.2 | CVE-2022-44415 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. | 2022-11-18 | 7.2 | CVE-2022-44820 MISC |
axiosys — bento4 | A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability. | 2022-11-13 | 8.8 | CVE-2022-3974 N/A N/A N/A |
backclick — backclick | An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | 2022-11-17 | 9.8 | CVE-2022-44001 MISC MISC |
backclick — backclick | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. | 2022-11-16 | 9.8 | CVE-2022-44003 MISC MISC |
backclick — backclick | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password. | 2022-11-16 | 9.8 | CVE-2022-44004 MISC MISC |
backclick — backclick | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. | 2022-11-16 | 9.8 | CVE-2022-44006 MISC MISC |
badgermeter — moni\ | In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. | 2022-11-15 | 8.8 | CVE-2020-12507 MISC |
badgermeter — moni\ | In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. | 2022-11-15 | 7.5 | CVE-2020-12508 MISC |
bruhn-newtech — cbrn-analysis | CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. | 2022-11-12 | 8.8 | CVE-2022-45193 MISC |
camp_project — camp | patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie. | 2022-11-14 | 9.8 | CVE-2022-37109 MISC MISC MISC |
canteen_management_system_project — canteen_management_system | An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-15 | 9.8 | CVE-2022-43265 MISC MISC |
canteen_management_system_project — canteen_management_system | An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-14 | 7.2 | CVE-2022-43146 MISC MISC |
cisco — firepower_management_center | A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. | 2022-11-15 | 7.5 | CVE-2022-20854 MISC |
clogica — seo_redirection | Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. | 2022-11-18 | 8.8 | CVE-2022-40695 CONFIRM CONFIRM |
college_management_system_project — college_management_system | College Management System v1.0 – SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page. | 2022-11-17 | 9.8 | CVE-2022-39180 MISC |
college_management_system_project — college_management_system | College Management System v1.0 – Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL Injection that is mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. | 2022-11-17 | 7.2 | CVE-2022-39179 MISC |
concretecms — concrete_cms | Concrete CMS is vulnerable to CSRF due to the lack of “State” parameter for external Concrete authentication service for users of Concrete who use the “out of the box” core OAuth. | 2022-11-14 | 8.8 | CVE-2022-43693 MISC MISC MISC MISC MISC |
constantcontact — creative_mail | Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | 2022-11-18 | 8.8 | CVE-2022-40686 CONFIRM |
constantcontact — creative_mail | Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | 2022-11-18 | 8.8 | CVE-2022-40687 CONFIRM |
contec — solarview_compact_firmware | SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | 2022-11-17 | 9.8 | CVE-2022-40881 MISC |
crm42_project — crm42 | A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. | 2022-11-11 | 9.8 | CVE-2022-3955 N/A N/A |
deltaww — diaenergie | SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 2022-11-17 | 8.8 | CVE-2022-41775 MISC |
deltaww — diaenergie | SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 2022-11-17 | 8.8 | CVE-2022-43447 MISC |
deltaww — diaenergie | SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 2022-11-17 | 8.8 | CVE-2022-43452 MISC |
deltaww — diaenergie | SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 2022-11-17 | 8.8 | CVE-2022-43457 MISC |
deltaww — diaenergie | SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 2022-11-17 | 8.8 | CVE-2022-43506 MISC |
diffie-hellman_key_exchange_project — diffie-hellman_key_exchange | Using long exponents in the Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. An attacker may cause asymmetric resource consumption with any common client application which uses a DHE implementation that applies short exponents. The attack may be more disruptive in cases where a client sends arbitrary numbers that are actually not DH public keys (aka the D(HE)ater attack) or can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. This can affect TLS, SSH, and IKE. | 2022-11-14 | 7.5 | CVE-2022-40735 MISC MISC MISC MISC MISC |
dolibarr — dolibarr_erp/crm | Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. | 2022-11-17 | 9.8 | CVE-2022-43138 MISC |
dreamer_cms_project — dreamer_cms | Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | 2022-11-17 | 9.8 | CVE-2022-42245 MISC |
duofoxtechnologies — duofox_cms | Doufox 0.0.4 contains a CSRF vulnerability that can be used to add a system administrator account. | 2022-11-17 | 8.8 | CVE-2022-42246 MISC |
eolink — goku_lite | A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. | 2022-11-11 | 9.8 | CVE-2022-3947 N/A N/A N/A |
eolink — goku_lite | A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. | 2022-11-11 | 9.8 | CVE-2022-3948 N/A N/A N/A |
erp_project — erp | A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. | 2022-11-11 | 8.8 | CVE-2022-3944 N/A N/A |
export_users_with_meta_project — export_users_with_meta | Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. | 2022-11-17 | 8 | CVE-2022-44577 CONFIRM |
eyoucms — eyoucms | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | 2022-11-14 | 8.8 | CVE-2022-43323 MISC |
eyoucms — eyoucms | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | 2022-11-14 | 8.8 | CVE-2022-44387 MISC |
facebook — redex | DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. | 2022-11-11 | 9.8 | CVE-2022-36938 MISC |
ferry_project — ferry | A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. | 2022-11-11 | 9.8 | CVE-2022-3939 N/A |
ferry_project — ferry | A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. | 2022-11-11 | 9.8 | CVE-2022-3940 N/A |
ffmpeg — ffmpeg | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. | 2022-11-13 | 8.1 | CVE-2022-3964 N/A N/A |
ffmpeg — ffmpeg | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. | 2022-11-13 | 8.1 | CVE-2022-3965 N/A N/A |
follow_me_plugin_project — follow_me_plugin | The “Follow Me Plugin” plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-11-15 | 8.8 | CVE-2022-3240 MISC MISC |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. | 2022-11-16 | 9.1 | CVE-2022-39319 CONFIRM MISC |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel – command line options `/drive`, `+drives` or `+home-drive`. | 2022-11-16 | 9.1 | CVE-2022-41877 CONFIRM MISC |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. | 2022-11-16 | 7.5 | CVE-2022-39316 MISC CONFIRM |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. | 2022-11-16 | 7.5 | CVE-2022-39318 CONFIRM MISC |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch. | 2022-11-16 | 7.5 | CVE-2022-39347 CONFIRM MISC |
guitar-pro — guitar_pro | Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. | 2022-11-16 | 7.5 | CVE-2022-43264 MISC |
hashicorp — consul | HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering’s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0. | 2022-11-16 | 7.5 | CVE-2022-3920 MISC |
heimdal_project — heimdal | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal’s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal’s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. | 2022-11-15 | 7.5 | CVE-2022-41916 CONFIRM |
hhims_project — hhims | A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. | 2022-11-11 | 9.8 | CVE-2022-3956 N/A N/A |
hms-php_project — hms-php | A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551. | 2022-11-13 | 9.8 | CVE-2022-3972 N/A N/A |
hms-php_project — hms-php | A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552. | 2022-11-13 | 9.8 | CVE-2022-3973 N/A N/A |
hoosk — hoosk | An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-16 | 9.8 | CVE-2022-43234 MISC |
hospital_management_center_project — hospital_management_center | A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213786 is the identifier assigned to this vulnerability. | 2022-11-16 | 9.8 | CVE-2022-4012 N/A N/A |
hospital_management_center_project — hospital_management_center | A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | 2022-11-16 | 8.8 | CVE-2022-4013 N/A N/A |
human_resource_management_system_project — human_resource_management_system | Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | 2022-11-16 | 9.8 | CVE-2022-43262 MISC |
hyperledger — fabric | Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. | 2022-11-12 | 7.5 | CVE-2022-45196 MISC MISC |
ibm — cics_tx | IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. | 2022-11-14 | 7.5 | CVE-2022-34319 MISC MISC MISC |
ibm — cics_tx | IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. | 2022-11-14 | 7.5 | CVE-2022-34320 MISC MISC MISC |
ibm — cloud_pak_for_security | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. | 2022-11-11 | 8.8 | CVE-2022-38387 MISC MISC |
ibm — cloud_pak_for_security | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. | 2022-11-15 | 8.1 | CVE-2022-38385 MISC MISC |
ibm — infosphere_information_server | IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | 2022-11-16 | 9.8 | CVE-2022-40752 MISC MISC |
ibm — powervm_hypervisor | After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. | 2022-11-11 | 9.8 | CVE-2022-34331 MISC MISC |
ikus-soft — rdiffweb | Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. | 2022-11-14 | 9.8 | CVE-2022-3362 CONFIRM MISC |
insyde — insydeh2o | DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by | 2022-11-14 | 7.8 | CVE-2022-34325 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 | 2022-11-15 | 7 | CVE-2022-33905 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050 | 2022-11-15 | 7 | CVE-2022-33908 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051 | 2022-11-15 | 7 | CVE-2022-33909 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053 | 2022-11-15 | 7 | CVE-2022-33983 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054 | 2022-11-15 | 7 | CVE-2022-33984 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055 | 2022-11-15 | 7 | CVE-2022-33985 MISC MISC |
intel — active_management_technology | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | 9.8 | CVE-2022-26845 MISC |
intel — active_management_technology | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | 8.8 | CVE-2022-29893 MISC |
intel — active_management_technology | Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. | 2022-11-11 | 7.5 | CVE-2022-27497 MISC |
intel — advanced_link_analyzer | Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-27638 MISC |
intel — data_center_manager | Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | 8.8 | CVE-2022-33942 MISC |
intel — endpoint_management_assistant | Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-30297 MISC |
intel — gametechdev_presentmon | Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.3 | CVE-2022-26086 MISC |
intel — glorp | Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-30548 MISC |
intel — hyperscan | Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | 9.8 | CVE-2022-29486 MISC |
intel — manageability_commander | Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | 8.8 | CVE-2022-26341 MISC |
intel — nuc7i3dnbe_firmware | Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-26024 MISC |
intel — nuc_10_performance_kit_nuc10i7fnhn_firmware | Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-36789 MISC |
intel — nuc_11_compute_element_cm11ebi38w_firmware | Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-38099 MISC |
intel — nuc_11_pro_kit_nuc11tnhi70z_firmware | Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-37334 MISC |
intel — nuc_8_rugged_kit_nuc8cchkrn_firmware | Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-26124 MISC |
intel — nuc_kit_nuc5i3myhe_firmware | Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-36370 MISC |
intel — nuc_kit_nuc5i3ryh_firmware | Improper authentication in BIOS firmware for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-37345 MISC |
intel — nuc_kit_wireless_adapter_driver_installer | Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-36377 MISC |
intel — nuc_kit_wireless_adapter_driver_installer | Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-36400 MISC |
intel — nuc_kit_wireless_adapter_driver_installer | Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.3 | CVE-2022-36380 MISC |
intel — nuc_kit_wireless_adapter_driver_installer | Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.3 | CVE-2022-36384 MISC |
intel — quartus_prime | Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2022-27187 MISC |
intel — quartus_prime | XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | 2022-11-11 | 7.5 | CVE-2022-27233 MISC |
intel — server_debug_and_provisioning_tool | Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2022-11-11 | 7.5 | CVE-2022-26508 MISC |
intel — system_studio | Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.8 | CVE-2021-33064 MISC |
intel — vtune_profiler | Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | 7.3 | CVE-2022-26028 MISC |
intel — xmm_7560_firmware | Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | 9.6 | CVE-2022-26513 MISC |
intel — xmm_7560_firmware | Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | 8.4 | CVE-2022-27639 MISC |
intel — xmm_7560_firmware | Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 8.2 | CVE-2022-26079 MISC |
intel — xmm_7560_firmware | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 8.2 | CVE-2022-26367 MISC |
intel — xmm_7560_firmware | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 8.2 | CVE-2022-28126 MISC |
intel — xmm_7560_firmware | Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | 8.1 | CVE-2022-26369 MISC |
intel — xmm_7560_firmware | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-11-11 | 7.2 | CVE-2022-26045 MISC |
intel — xmm_7560_firmware | Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-11-11 | 7.2 | CVE-2022-27874 MISC |
intel — xmm_7560_firmware | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-11-11 | 7.2 | CVE-2022-28611 MISC |
ironmansoftware — powershell_universal | Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6. | 2022-11-14 | 8.8 | CVE-2022-45183 MISC CONFIRM MISC |
ironmansoftware — powershell_universal | The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. | 2022-11-14 | 7.2 | CVE-2022-45184 MISC CONFIRM MISC |
jenkins — cccc | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-11-15 | 9.8 | CVE-2022-45395 CONFIRM |
jenkins — cloudbees_docker_hub\/registry_notification | A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 2022-11-15 | 7.5 | CVE-2022-45385 CONFIRM |
jenkins — config_rotator | Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with ‘.xml’ extension on the Jenkins controller file system. | 2022-11-15 | 7.5 | CVE-2022-45388 CONFIRM |
jenkins — japex | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-11-15 | 9.8 | CVE-2022-45400 CONFIRM |
jenkins — ns-nd_integration_performance_publisher | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | 2022-11-15 | 7.5 | CVE-2022-38666 CONFIRM |
jenkins — ns-nd_integration_performance_publisher | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | 2022-11-15 | 7.5 | CVE-2022-45391 CONFIRM |
jenkins — osf_builder_suite_\ | Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-11-15 | 9.8 | CVE-2022-45397 CONFIRM |
jenkins — pipeline_utility_steps | Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the ‘file:’ prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | 2022-11-15 | 9.1 | CVE-2022-45381 CONFIRM |
jenkins — script_security | Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | 2022-11-15 | 7.5 | CVE-2022-45379 CONFIRM |
jenkins — sourcemonitor | Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-11-15 | 9.8 | CVE-2022-45396 CONFIRM |
joinmastodon — mastodon | Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. | 2022-11-16 | 9.8 | CVE-2022-2166 CONFIRM MISC |
kavitareader — kavita | Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. | 2022-11-14 | 9.8 | CVE-2022-3993 CONFIRM MISC |
keking — kkfileview | kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. | 2022-11-17 | 7.5 | CVE-2022-43140 MISC |
konker — konker_platform | Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF). | 2022-11-15 | 8.8 | CVE-2022-35613 MISC |
libtiff — libtiff | A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. | 2022-11-13 | 9.8 | CVE-2022-3970 N/A N/A N/A N/A |
liferay — digital_experience_platform | A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. | 2022-11-15 | 7.5 | CVE-2022-42123 MISC MISC MISC |
liferay — digital_experience_platform | ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the ‘name’ field of a layout prototype. | 2022-11-15 | 7.5 | CVE-2022-42124 MISC MISC MISC MISC |
liferay — digital_experience_platform | Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. | 2022-11-15 | 7.5 | CVE-2022-42125 MISC MISC MISC |
liferay — dxp | A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences’ `namespace` attribute. | 2022-11-15 | 9.8 | CVE-2022-42120 MISC MISC MISC |
liferay — liferay_portal | A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. | 2022-11-15 | 9.8 | CVE-2022-42122 MISC MISC MISC |
liferay — liferay_portal | A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template’s ‘Name’ field. | 2022-11-15 | 8.8 | CVE-2022-42121 MISC MISC MISC |
limesurvey — limesurvey | LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | 2022-11-15 | 7.2 | CVE-2022-43279 MISC |
linux — linux_kernel | A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2022-11-14 | 7.8 | CVE-2022-3238 MISC |
linuxfoundation — software_for_open_networking_in_the_cloud | There is a vulnerability in the DHCPv6 packet parsing code that a remote attacker could exploit with a crafted packet, causing a buffer overflow in a memcpy call and an out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process, and its crash could cause the dhcp relay docker to shut down. Discovered by Eugene Lim of GovTech Singapore. | 2022-11-14 | 7.5 | CVE-2022-0324 MISC MISC |
manydesigns — portofino | A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. | 2022-11-11 | 7.1 | CVE-2022-3952 N/A N/A N/A N/A |
muffingroup — betheme | Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. | 2022-11-17 | 8.8 | CVE-2022-45077 CONFIRM CONFIRM |
mz-automation — libiec61850 | A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. | 2022-11-13 | 8.8 | CVE-2022-3976 N/A N/A N/A |
nagvis — nagvis | A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. Upgrading to version 1.9.34 is able to address this issue. The name of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. | 2022-11-13 | 9.8 | CVE-2022-3979 MISC MISC MISC |
netatalk_project — netatalk | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | 2022-11-12 | 7.8 | CVE-2022-45188 MISC MISC MISC MISC |
nextcloud — desktop | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. “vbs”, is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused. | 2022-11-11 | 7.8 | CVE-2022-41882 MISC CONFIRM MISC MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. | 2022-11-16 | 9.8 | CVE-2022-43135 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. | 2022-11-17 | 7.2 | CVE-2022-43162 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php. | 2022-11-17 | 7.2 | CVE-2022-43163 MISC |
online_leave_management_system_project — online_leave_management_system | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. | 2022-11-17 | 7.2 | CVE-2022-43179 MISC |
palantir — foundry_build2 | Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. | 2022-11-15 | 7.5 | CVE-2022-27895 MISC |
palantir — foundry_code-workbooks | Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. | 2022-11-14 | 7.5 | CVE-2022-27896 MISC |
phoenixcontact — automationworx_software_suite | In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. | 2022-11-15 | 7.8 | CVE-2022-3461 MISC |
phoenixcontact — automationworx_software_suite | In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. | 2022-11-15 | 7.8 | CVE-2022-3737 MISC |
phoenixcontact — fl_mguard_centerport_firmware | A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections cannot prevent the issue. | 2022-11-15 | 7.5 | CVE-2022-3480 MISC |
php — php | In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information. | 2022-11-14 | 7.1 | CVE-2022-31630 MISC |
pistar — pi-star_digital_voice_dashboard | Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. | 2022-11-11 | 9.8 | CVE-2022-45182 MISC MISC MISC MISC MISC |
python — pillow | Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). | 2022-11-14 | 7.5 | CVE-2022-45198 MISC MISC MISC MISC MISC |
python — pillow | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. | 2022-11-14 | 7.5 | CVE-2022-45199 MISC MISC MISC MISC |
qualcomm — apq8009_firmware | Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-11-15 | 7.8 | CVE-2022-25724 CONFIRM |
qualcomm — apq8009_firmware | Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-11-15 | 7.8 | CVE-2022-25743 CONFIRM |
qualcomm — apq8009_firmware | Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-11-15 | 7.5 | CVE-2022-25710 CONFIRM |
qualcomm — apq8009_firmware | Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-11-15 | 7.5 | CVE-2022-33239 CONFIRM |
qualcomm — aqt1000_firmware | Memory corruption in video due to configuration weakness in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-11-15 | 9.8 | CVE-2022-33234 CONFIRM |
qualcomm — aqt1000_firmware | Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-11-15 | 7.5 | CVE-2022-25741 CONFIRM |
qualcomm — aqt1000_firmware | Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-11-15 | 7.5 | CVE-2022-33237 CONFIRM |
qualcomm — ar8031_firmware | Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 2022-11-15 | 9.8 | CVE-2022-25674 CONFIRM |
qualcomm — ar8031_firmware | Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 2022-11-15 | 9.8 | CVE-2022-25727 CONFIRM |
qualcomm — ar8031_firmware | Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 2022-11-15 | 7.5 | CVE-2022-25742 CONFIRM |
qualcomm — ar8035_firmware | Denial of service in MODEM due to reachable assertion in Snapdragon Mobile | 2022-11-15 | 7.5 | CVE-2022-25671 CONFIRM |
qualcomm — ar8035_firmware | Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2022-11-15 | 7.5 | CVE-2022-33236 CONFIRM |
qualcomm — ar9380_firmware | Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking | 2022-11-15 | 7.5 | CVE-2022-25667 CONFIRM |
rconfig — rconfig | An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-17 | 8.8 | CVE-2022-44384 MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | 2022-11-14 | 8.8 | CVE-2022-43288 MISC |
seacms — seacms | SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | 2022-11-16 | 9.8 | CVE-2022-43256 MISC |
silabs — emberznet | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. | 2022-11-14 | 9.8 | CVE-2022-24937 MISC MISC |
silabs — emberznet | A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. | 2022-11-14 | 7.5 | CVE-2022-24938 MISC MISC |
simple_history_project — simple_history | A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability. | 2022-11-16 | 9.8 | CVE-2022-4011 N/A N/A N/A |
simple_image_gallery_web_app_project — simple_image_gallery_web_app | A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the “id” parameter on the album page. | 2022-11-17 | 8.8 | CVE-2021-38819 MISC |
siyucms — siyucms | Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges | 2022-11-14 | 7.2 | CVE-2022-43030 MISC MISC |
sophos — mobile | An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | 2022-11-16 | 9.8 | CVE-2022-3980 CONFIRM |
sports_club_management_system_project — sports_club_management_system | A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213789 was assigned to this vulnerability. | 2022-11-16 | 9.8 | CVE-2022-4015 N/A N/A |
student_attendance_management_system_project — student_attendance_management_system | A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability. | 2022-11-17 | 7.2 | CVE-2022-4052 MISC MISC |
tagdiv_composer_project — tagdiv_composer | The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address | 2022-11-14 | 9.8 | CVE-2022-3477 CONFIRM |
tasmota_project — tasmota | Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. | 2022-11-14 | 9.8 | CVE-2022-43294 MISC MISC |
tenda — ac1200_v-w15ev2_firmware | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | 2022-11-15 | 9.8 | CVE-2022-42058 MISC |
tenda — ac1200_v-w15ev2_firmware | In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter. | 2022-11-15 | 7.8 | CVE-2022-40847 MISC |
tenda — ac1200_v-w15ev2_firmware | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | 2022-11-15 | 7.8 | CVE-2022-41395 MISC |
tenda — ac1200_v-w15ev2_firmware | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. | 2022-11-15 | 7.8 | CVE-2022-41396 MISC |
tenda — ac1200_v-w15ev2_firmware | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | 2022-11-15 | 7.8 | CVE-2022-42053 MISC |
tenda — ac1200_v-w15ev2_firmware | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | 2022-11-15 | 7.5 | CVE-2022-42060 MISC |
thriveweb — wooswipe_woocommerce_gallery | Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | 2022-11-17 | 8.8 | CVE-2022-45066 CONFIRM |
ultimatemember — ultimate_member | A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. | 2022-11-13 | 7.5 | CVE-2022-3966 N/A N/A N/A |
vestacp — control_panel | A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply a patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability. | 2022-11-13 | 7.8 | CVE-2022-3967 N/A N/A |
wbce — wbce_cms | A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716. | 2022-11-15 | 7.5 | CVE-2022-4006 MISC MISC MISC |
wiesemann_&_theis — multiple_products | Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET Request. | 2022-11-15 | 9.8 | CVE-2022-42785 MISC |
wordplus — better_messages | Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. | 2022-11-19 | 8.8 | CVE-2022-41609 CONFIRM CONFIRM |
wowonder — wowonder | WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. | 2022-11-15 | 9.8 | CVE-2022-42984 MISC MISC |
wowonder — wowonder | WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. | 2022-11-15 | 7.5 | CVE-2022-40405 MISC |
wpforms — wpforms_pro | The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | 2022-11-14 | 9.8 | CVE-2022-3574 CONFIRM |
xiongmaitech — xm-jpr2-lx_firmware | Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. | 2022-11-14 | 7.5 | CVE-2021-38827 MISC |
xuxueli — xxl-job | XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. | 2022-11-17 | 8.8 | CVE-2022-43183 MISC |
zohocorp — manageengine_access_manager_plus | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. | 2022-11-12 | 9.8 | CVE-2022-43671 MISC |
zohocorp — manageengine_access_manager_plus | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). | 2022-11-12 | 9.8 | CVE-2022-43672 MISC |
zohocorp — manageengine_mobile_device_manager_plus | In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. | 2022-11-12 | 7.8 | CVE-2022-41339 MISC |
zohocorp — manageengine_supportcenter_plus | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | 2022-11-12 | 8.8 | CVE-2022-40773 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
activity_log_project — activity_log | A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | 2022-11-11 | 5.3 | CVE-2022-3941 N/A N/A N/A |
amazon — opensearch | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-11-16 | 4.3 | CVE-2022-41917 CONFIRM MISC |
anthologize_project — anthologize | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. | 2022-11-17 | 4.8 | CVE-2022-44591 CONFIRM |
apache — airflow | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver’s `/login` endpoint. | 2022-11-15 | 6.1 | CVE-2022-45402 BUGTRAQ CONFIRM MLIST |
apache — archiva | Users with write permissions to a repository can delete arbitrary directories. | 2022-11-15 | 4.3 | CVE-2022-40309 CONFIRM MLIST |
backclick — backclick | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. | 2022-11-16 | 6.1 | CVE-2022-44002 MISC |
benbodhi — svg_support | The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious JavaScript are not sanitized. While version 2.5 adds the ability to sanitize images as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL. | 2022-11-16 | 5.4 | CVE-2022-4022 MISC MISC |
bluecoral — chat_bubble | The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin views the related contact message. | 2022-11-14 | 6.1 | CVE-2022-3415 CONFIRM |
booster — booster_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. | 2022-11-18 | 4.3 | CVE-2022-41805 CONFIRM |
bruhn-newtech — cbrn-analysis | CBRN-Analysis before 22 allows XXE attacks via an mws XML document, leading to NTLMv2-SSP hash disclosure. | 2022-11-12 | 4.7 | CVE-2022-45194 MISC |
chameleon_project — chameleon | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. | 2022-11-17 | 4.8 | CVE-2022-44736 CONFIRM |
cisco — adaptive_security_appliance | A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. | 2022-11-15 | 6.8 | CVE-2022-20826 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20831 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20832 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20833 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20834 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20835 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20836 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20838 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20839 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20840 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20843 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20872 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20905 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20932 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20935 MISC |
cisco — firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2022-11-15 | 4.8 | CVE-2022-20936 MISC |
concretecms — concrete_cms | In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). | 2022-11-14 | 6.5 | CVE-2022-43686 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | 2022-11-14 | 6.3 | CVE-2022-43690 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS – user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | 2022-11-14 | 6.1 | CVE-2022-43692 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. | 2022-11-14 | 6.1 | CVE-2022-43694 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | 2022-11-14 | 6.1 | CVE-2022-43967 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | 2022-11-14 | 6.1 | CVE-2022-43968 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | 2022-11-14 | 5.4 | CVE-2022-43687 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. | 2022-11-14 | 5.3 | CVE-2022-43689 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently discloses server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. | 2022-11-14 | 5.3 | CVE-2022-43691 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | 2022-11-14 | 4.8 | CVE-2022-43688 MISC MISC MISC MISC MISC |
concretecms — concrete_cms | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | 2022-11-14 | 4.8 | CVE-2022-43695 MISC MISC MISC MISC MISC |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels. However, an integer truncation issue causes only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory being read and written with attacker-controlled data. The vulnerability has been patched in the “develop” branch of Contiki-NG, and will be included in release 4.9. As a workaround, users can apply the patch in Contiki-NG pull request 2081 on GitHub. | 2022-11-11 | 5.4 | CVE-2022-41873 CONFIRM MISC |
cyberchimps — ifeature_slider | Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. | 2022-11-17 | 5.4 | CVE-2022-45375 CONFIRM |
digitialpixies — oauth_client | The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. | 2022-11-14 | 6.5 | CVE-2022-3632 CONFIRM |
digitialpixies — oauth_client | The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 2022-11-14 | 4.8 | CVE-2022-3631 CONFIRM |
discourse — calendar | Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discourse_post_event_enabled` setting to fully mitigate the issue. Also, it’s possible to prevent regular users from using this vulnerability by removing all groups from the `discourse_post_event_allowed_on_groups` but note that moderators will still be able to use it. | 2022-11-14 | 5.4 | CVE-2022-41913 CONFIRM MISC |
discourse — discourse | Discourse is an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this; it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed. | 2022-11-14 | 6.5 | CVE-2022-39385 CONFIRM MISC |
drogon — drogon | A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464. | 2022-11-11 | 5.3 | CVE-2022-3959 N/A N/A N/A N/A |
element — element | Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. | 2022-11-11 | 6.5 | CVE-2022-41904 MISC CONFIRM |
emlog — emlog | A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. | 2022-11-13 | 6.1 | CVE-2022-3968 N/A N/A |
eramba — eramba | A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. | 2022-11-14 | 5.4 | CVE-2022-43342 MISC MISC |
exiv2 — exiv2 | A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459. | 2022-11-11 | 6.5 | CVE-2022-3953 N/A N/A N/A |
expresstech — quiz_and_survey_master | Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | 2022-11-18 | 6.1 | CVE-2022-40698 CONFIRM |
eyoucms — eyoucms | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | 2022-11-14 | 6.5 | CVE-2022-44389 MISC |
eyoucms — eyoucms | A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | 2022-11-14 | 5.4 | CVE-2022-44390 MISC |
feehi — feehicms | A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. | 2022-11-16 | 4.3 | CVE-2022-4014 N/A |
foru_cms_project — foru_cms | A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. | 2022-11-11 | 5.4 | CVE-2022-3943 N/A N/A |
frappe — frappe | A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The name of the patch is bfab7191543961c6cb77fe267063877c31b616ce. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213560. | 2022-11-14 | 6.1 | CVE-2022-3988 N/A N/A N/A |
gnome — nautilus | GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | 2022-11-14 | 5.5 | CVE-2022-37290 MISC MISC MISC |
gnuboard — gnuboard5 | A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. | 2022-11-12 | 5.4 | CVE-2022-3963 N/A N/A |
gpac — gpac | A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. | 2022-11-11 | 6.5 | CVE-2022-3957 N/A N/A |
guitar-pro — guitar_pro | A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. | 2022-11-16 | 6.1 | CVE-2022-43263 MISC |
hallowelt — bluespice | Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | 2022-11-15 | 6.1 | CVE-2022-3895 CONFIRM |
hallowelt — bluespice | Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. | 2022-11-15 | 5.4 | CVE-2022-3958 CONFIRM |
hallowelt — bluespice | Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. | 2022-11-15 | 5.4 | CVE-2022-41789 CONFIRM |
hallowelt — bluespice | Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. | 2022-11-15 | 5.4 | CVE-2022-41814 CONFIRM |
hallowelt — bluespice | Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | 2022-11-15 | 5.4 | CVE-2022-42000 CONFIRM |
hallowelt — bluespice | Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | 2022-11-15 | 5.4 | CVE-2022-42001 CONFIRM |
hallowelt — bluespice | Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. | 2022-11-15 | 4.8 | CVE-2022-3893 CONFIRM |
hallowelt — bluespice | Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. | 2022-11-15 | 4.8 | CVE-2022-41611 CONFIRM |
htmldoc_project — htmldoc | A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. | 2022-11-14 | 5.5 | CVE-2022-0137 MISC MISC |
hustoj_project — hustoj | Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. | 2022-11-17 | 6.1 | CVE-2022-42187 MISC |
ibm — business_automation_workflow | Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. | 2022-11-17 | 5.4 | CVE-2022-38390 MISC MISC |
ibm — cics_tx | IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. | 2022-11-14 | 6.1 | CVE-2022-38705 MISC MISC MISC |
ibm — cics_tx | IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. | 2022-11-14 | 5.4 | CVE-2022-34315 MISC MISC MISC |
ibm — cics_tx | IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459. | 2022-11-14 | 5.4 | CVE-2022-34317 MISC MISC MISC |
ibm — cics_tx | IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452. | 2022-11-14 | 5.3 | CVE-2022-34316 MISC MISC MISC |
ibm — cics_tx | IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. | 2022-11-14 | 5.3 | CVE-2022-34329 MISC MISC MISC |
ibm — cloud_pak_for_security | IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. | 2022-11-11 | 5.4 | CVE-2022-36776 MISC MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688. | 2022-11-15 | 5.4 | CVE-2022-40753 MISC MISC |
ibm — mq | IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. | 2022-11-11 | 6.5 | CVE-2022-31772 MISC MISC |
ibm — mq_internet_pass-thru | IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. | 2022-11-14 | 5.5 | CVE-2022-35719 MISC MISC |
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges, including “Manage Security” permissions, to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. | 2022-11-17 | 4.9 | CVE-2022-40751 MISC MISC |
ibm — websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. | 2022-11-11 | 5.4 | CVE-2022-40750 MISC MISC |
ikus-soft — rdiffweb | Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. | 2022-11-16 | 4.3 | CVE-2022-4018 MISC CONFIRM |
insyde — kernel | DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 | 2022-11-14 | 6.4 | CVE-2022-30773 MISC MISC |
insyde — kernel | DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering during a security review. This issue was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043 | 2022-11-15 | 6.4 | CVE-2022-30774 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in Kernel 5.2: 05.27.21, Kernel 5.3: 05.36.21, Kernel 5.4: 05.44.21, Kernel 5.5: 05.52.21. https://www.insyde.com/security-pledge/SA-2022044 | 2022-11-15 | 6.4 | CVE-2022-31243 MISC MISC |
insyde — kernel | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 | 2022-11-14 | 6.4 | CVE-2022-32266 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering. Fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. https://www.insyde.com/security-pledge/SA-2022046 | 2022-11-15 | 6.4 | CVE-2022-32267 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23. https://www.insyde.com/security-pledge/SA-2022048 | 2022-11-15 | 6.4 | CVE-2022-33906 MISC MISC |
insyde — kernel | DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25. https://www.insyde.com/security-pledge/SA-2022049 | 2022-11-14 | 6.4 | CVE-2022-33907 MISC MISC |
insyde — kernel | DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 | 2022-11-14 | 6.4 | CVE-2022-33982 MISC MISC |
insyde — kernel | DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056 | 2022-11-15 | 6.4 | CVE-2022-33986 MISC MISC |
intel — active_management_technology | Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2021-33159 MISC |
intel — celeron_1000m_firmware | Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.4 | CVE-2022-21198 MISC |
intel — core_i5-7640x_firmware | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2022-26006 MISC |
intel — nuc_11_performance_kit_nuc11pahi30z_firmware | Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2022-33176 MISC |
intel — nuc_8_compute_element_cm8i7cb_firmware | Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2022-35276 MISC |
intel — nuc_8_mainstream-g_kit_nuc8i7inh_firmware | Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2021-33164 MISC |
intel — nuc_board_de3815tybe_firmware | Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2022-34152 MISC |
intel — nuc_board_nuc5i3mybe_firmware | Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. | 2022-11-11 | 5.5 | CVE-2022-36349 MISC |
intel — nuc_kit_nuc8i7hnk_firmware | Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2022-21794 MISC |
intel — nuc_m15_laptop_kit_lapbc510_firmware | Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2022-32569 MISC |
intel — openvino | Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. | 2022-11-11 | 6.5 | CVE-2021-26251 MISC |
intel — proset/wireless_wifi | Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via local access. | 2022-11-11 | 6.5 | CVE-2022-26047 MISC |
intel — s2600wf_firmware | Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-11-11 | 6.7 | CVE-2022-30542 MISC |
intel — server_platform_services_firmware | Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. | 2022-11-11 | 5.5 | CVE-2022-29466 MISC |
intel — server_platform_services_firmware | Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. | 2022-11-11 | 5.5 | CVE-2022-29515 MISC |
intel — sgx_sdk | Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | 2022-11-11 | 4.4 | CVE-2022-27499 MISC |
intel — support | Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. | 2022-11-11 | 5.5 | CVE-2022-30691 MISC |
intel — support | Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. | 2022-11-11 | 4.4 | CVE-2022-36367 MISC |
intel — wi-fi_6e_ax411_firmware | Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-11-11 | 6.5 | CVE-2022-28667 MISC |
jenkins — associated_files | Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-11-15 | 5.4 | CVE-2022-45401 CONFIRM |
jenkins — bart | Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | 2022-11-15 | 5.4 | CVE-2022-45387 CONFIRM |
jenkins — cluster_statistics | A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | 2022-11-15 | 4.3 | CVE-2022-45398 CONFIRM |
jenkins — cluster_statistics | A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | 2022-11-15 | 4.3 | CVE-2022-45399 CONFIRM |
jenkins — delete_log | A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | 2022-11-15 | 4.3 | CVE-2022-45394 CONFIRM |
jenkins — junit | Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-11-15 | 5.4 | CVE-2022-45380 CONFIRM |
jenkins — loader.io | A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-11-15 | 4.3 | CVE-2022-45390 CONFIRM |
jenkins — naginator | Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. | 2022-11-15 | 5.4 | CVE-2022-45382 CONFIRM |
jenkins — ns-nd_integration_performance_publisher | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | 2022-11-15 | 6.5 | CVE-2022-45392 CONFIRM |
jenkins — reverse_proxy_auth | Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 2022-11-15 | 6.5 | CVE-2022-45384 CONFIRM |
jenkins — support_core | An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. | 2022-11-15 | 6.5 | CVE-2022-45383 CONFIRM |
jenkins — violations | Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-11-15 | 5.5 | CVE-2022-45386 CONFIRM |
jenkins — xp-dev | A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | 2022-11-15 | 5.3 | CVE-2022-45389 CONFIRM |
karmasis — infraskope_security_event_manager | Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modify logs. | 2022-11-16 | 5.3 | CVE-2022-24036 CONFIRM |
kavitareader — kavita | Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. | 2022-11-11 | 5.3 | CVE-2022-3945 CONFIRM MISC |
keyfactor — kefactor_ejbca | Keyfactor EJBCA before 7.10.0 allows XSS. | 2022-11-17 | 5.4 | CVE-2022-42954 CONFIRM |
keyfactor — primekey_ejbca | A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user. | 2022-11-17 | 5.4 | CVE-2022-39834 CONFIRM |
liferay — digital_experience_platform | The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. | 2022-11-15 | 5.9 | CVE-2022-42132 MISC MISC MISC |
liferay — digital_experience_platform | The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page. | 2022-11-15 | 5.3 | CVE-2022-42127 MISC MISC MISC |
liferay — digital_experience_platform | The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. | 2022-11-15 | 5.3 | CVE-2022-42128 MISC MISC MISC |
liferay — digital_experience_platform | Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module’s REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. | 2022-11-15 | 4.8 | CVE-2022-42131 MISC MISC MISC |
liferay — digital_experience_platform | The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. | 2022-11-15 | 4.3 | CVE-2022-42126 MISC MISC MISC |
liferay — digital_experience_platform | An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. | 2022-11-15 | 4.3 | CVE-2022-42129 MISC MISC MISC |
liferay — digital_experience_platform | The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. | 2022-11-15 | 4.3 | CVE-2022-42130 MISC MISC MISC |
liferay — liferay_portal | A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. | 2022-11-15 | 6.1 | CVE-2022-42110 MISC MISC |
liferay — liferay_portal | A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. | 2022-11-15 | 6.1 | CVE-2022-42118 MISC MISC MISC |
liferay — liferay_portal | A Cross-site scripting (XSS) vulnerability in the Sharing module’s user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. | 2022-11-15 | 5.4 | CVE-2022-42111 MISC MISC |
liferay — liferay_portal | Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. | 2022-11-15 | 5.4 | CVE-2022-42119 MISC MISC MISC |
linux — linux_kernel | An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. | 2022-11-14 | 4.6 | CVE-2022-3903 MISC MISC |
linuxfoundation — kubevela | KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who are using v1.6 should update to v1.6.1. Users who are using v1.5 should update to v1.5.8. There are no known workarounds for this issue. | 2022-11-16 | 6.5 | CVE-2022-39383 CONFIRM MISC |
matrix — matrix_irc_bridge | A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component. VDB-213550 is the identifier assigned to this vulnerability. | 2022-11-13 | 5.6 | CVE-2022-3971 N/A N/A N/A N/A |
metagauss — profilegrid | The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-11-14 | 6.1 | CVE-2022-3578 CONFIRM |
nintex — workflow | The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. | 2022-11-14 | 6.1 | CVE-2022-38167 MISC MISC |
nodebb — nodebb | A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. | 2022-11-13 | 4.3 | CVE-2022-3978 N/A N/A N/A N/A |
nukeviet — nukeviet | A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability. | 2022-11-13 | 6.1 | CVE-2022-3975 N/A N/A N/A |
op5 — monitor | OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). | 2022-11-14 | 6.1 | CVE-2021-40272 MISC |
openkm — openkm | A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548. | 2022-11-13 | 5.5 | CVE-2022-3969 N/A N/A N/A N/A |
password_storage_application_project — password_storage_application | A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | 2022-11-17 | 6.1 | CVE-2022-43142 MISC |
permalink_manager_lite_project — permalink_manager_lite | The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-11-16 | 4.3 | CVE-2022-4021 MISC MISC |
phpservermonitor — php_server_monitor | A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability. | 2022-11-15 | 5.3 | CVE-2021-4240 MISC MISC MISC |
phpservermonitor — php_server_monitor | A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744. | 2022-11-15 | 5.3 | CVE-2021-4241 MISC MISC MISC |
publiccms — publiccms | A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. | 2022-11-11 | 6.1 | CVE-2022-3950 N/A N/A |
qualcomm — aqt1000_firmware | Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-11-15 | 5.5 | CVE-2022-25676 CONFIRM |
qualcomm — aqt1000_firmware | Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-11-15 | 5.5 | CVE-2022-25679 CONFIRM |
resmush.it — resmush.it_image_optimizer | The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users to perform various actions on their behalf on the site. | 2022-11-14 | 6.5 | CVE-2022-2449 CONFIRM |
resmush.it — resmush.it_image_optimizer | The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. | 2022-11-14 | 4.3 | CVE-2022-2450 CONFIRM |
sanitization_management_system_project — sanitization_management_system | A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. | 2022-11-11 | 6.1 | CVE-2022-3942 N/A MISC |
sanitization_management_system_project — sanitization_management_system | A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571. | 2022-11-14 | 6.1 | CVE-2022-3992 N/A |
scratch-wiki — scratch_login | The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). | 2022-11-17 | 4.8 | CVE-2022-42985 MISC MISC |
simple_cashiering_system_project — simple_cashiering_system | A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. | 2022-11-11 | 6.1 | CVE-2022-3949 N/A |
simplex — simplex_chat | SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. | 2022-11-12 | 5.3 | CVE-2022-45195 MISC MISC MISC MISC |
snakeyaml_project — snakeyaml | Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 2022-11-11 | 6.5 | CVE-2022-41854 CONFIRM |
student_attendance_management_system_project — student_attendance_management_system | A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. | 2022-11-17 | 4.8 | CVE-2022-4053 MISC MISC |
tenda — ac1200_v-w15ev2_firmware | The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they’re not explicitly authorized to have. | 2022-11-15 | 6.5 | CVE-2022-40845 MISC |
tenda — ac1200_v-w15ev2_firmware | In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | 2022-11-15 | 5.4 | CVE-2022-40844 MISC |
tenda — ac1200_v-w15ev2_firmware | The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router’s syslog.log file which contains the MD5 password of the Administrator’s user account. | 2022-11-15 | 4.9 | CVE-2022-40843 MISC |
tenda — ac1200_v-w15ev2_firmware | In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | 2022-11-15 | 4.8 | CVE-2022-40846 MISC |
themepoints — testimonials | The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape their settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-11-14 | 4.8 | CVE-2022-3539 CONFIRM |
tibco — spotfire_server | The Visualizations component of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0. | 2022-11-15 | 5.4 | CVE-2022-41558 CONFIRM CONFIRM |
tribalsystems — zenario | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | 2022-11-16 | 5.4 | CVE-2022-44069 MISC |
tribalsystems — zenario | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | 2022-11-16 | 5.4 | CVE-2022-44070 MISC |
tribalsystems — zenario | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile. | 2022-11-16 | 5.4 | CVE-2022-44071 MISC |
tribalsystems — zenario | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. | 2022-11-16 | 5.4 | CVE-2022-44073 MISC |
webartesanal — mantenimiento_web | Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | 2022-11-18 | 6.1 | CVE-2022-38075 CONFIRM |
webmaster_tools_verification_project — webmaster_tools_verification | The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | 2022-11-14 | 6.5 | CVE-2022-3538 CONFIRM |
wondercms — wondercms | A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | 2022-11-17 | 6.1 | CVE-2022-43332 MISC |
wp_attachments_project — wp_attachments | The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 2022-11-14 | 4.8 | CVE-2022-3469 CONFIRM |
wpb_show_core_project — wpb_show_core | The WPB Show Core WordPress plugin through TODO does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-11-14 | 6.1 | CVE-2022-3484 CONFIRM |
wsgidav_project — wsgidav | WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. | 2022-11-11 | 6.1 | CVE-2022-41905 MISC CONFIRM |
xiongmaitech — xm-jpr2-lx_firmware | Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. | 2022-11-14 | 5.3 | CVE-2021-38828 MISC |
xpdfreader — xpdf | XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. | 2022-11-14 | 5.5 | CVE-2022-43295 MISC |
yikesinc — custom_product_tabs_for_woocommerce | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. | 2022-11-18 | 4.8 | CVE-2022-43463 CONFIRM |
zoneminder — zoneminder | A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method. | 2022-11-15 | 5.4 | CVE-2022-30768 MISC MISC |
zoneminder — zoneminder | Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. | 2022-11-15 | 4.6 | CVE-2022-30769 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm — cics_tx | IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | 2022-11-14 | 3.3 | CVE-2022-34312 MISC MISC MISC |
ibm — cics_tx | IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. | 2022-11-14 | 3.3 | CVE-2022-34314 MISC MISC MISC |
ibm — cics_tx | IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. | 2022-11-14 | 3.1 | CVE-2022-34313 MISC MISC MISC |
ibm — partner_engagement_manager | IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. | 2022-11-16 | 3.3 | CVE-2022-34354 MISC MISC |
intel — wlan_authentication_and_privacy_infrastructure | Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-11-11 | 3.3 | CVE-2022-33973 MISC |
jenkins — delete_log | A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | 2022-11-15 | 3.5 | CVE-2022-45393 CONFIRM |
wp-polls_project — wp-polls | Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. | 2022-11-18 | 3.1 | CVE-2022-40130 CONFIRM CONFIRM |
zoom — vdi_windows_meeting_clients | The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. | 2022-11-14 | 3.3 | CVE-2022-28764 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amasty — magneto_2_blog_pro | The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response. | 2022-11-17 | not yet calculated | CVE-2022-36432 MISC |
apple — mdnsresponser.ece | mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. | 2022-11-17 | not yet calculated | CVE-2022-23748 MISC |
bkg — professional_ntripcaster | BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable. | 2022-11-17 | not yet calculated | CVE-2022-42982 MISC MISC |
carel — boss_mini | Carel Boss Mini 1.5.0 has Improper Access Control. | 2022-11-18 | not yet calculated | CVE-2022-34827 MISC MISC |
cbeust — cbeust | A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. | 2022-11-19 | not yet calculated | CVE-2022-4065 N/A N/A N/A |
cisco — firepower_management_center | A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. | 2022-11-15 | not yet calculated | CVE-2022-20925 MISC |
cisco — firepower_management_center | A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. | 2022-11-15 | not yet calculated | CVE-2022-20926 MISC |
cisco — firepower_management_center | A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed. | 2022-11-15 | not yet calculated | CVE-2022-20938 MISC |
cisco — firepower_management_center | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. | 2022-11-15 | not yet calculated | CVE-2022-20941 MISC |
cisco — firepower_threat_defense | A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. | 2022-11-15 | not yet calculated | CVE-2022-20940 MISC |
cisco — firepower_threat_defense | A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. | 2022-11-15 | not yet calculated | CVE-2022-20946 MISC |
cisco — firepower_threat_defense | A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. | 2022-11-15 | not yet calculated | CVE-2022-20949 MISC |
cisco — firepower_threat_defense | A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition. | 2022-11-15 | not yet calculated | CVE-2022-20950 MISC |
cisco — multiple_products | A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed. | 2022-11-15 | not yet calculated | CVE-2022-20918 MISC |
cisco — multiple_products | Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. | 2022-11-15 | not yet calculated | CVE-2022-20922 MISC |
cisco — multiple_products | A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2022-11-15 | not yet calculated | CVE-2022-20924 MISC |
cisco — multiple_products | A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. | 2022-11-15 | not yet calculated | CVE-2022-20927 MISC |
cisco — multiple_products | A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user. | 2022-11-15 | not yet calculated | CVE-2022-20928 MISC |
cisco — multiple_products | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. | 2022-11-15 | not yet calculated | CVE-2022-20934 MISC |
cisco — multiple_products | Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. | 2022-11-15 | not yet calculated | CVE-2022-20943 MISC |
cisco — multiple_products | A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. | 2022-11-15 | not yet calculated | CVE-2022-20947 MISC |
d-link — d-link | D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 “login.asp” A. The window.location.href = http://192.168.1.1/setupWizard.asp” http://192.168.1.1/setupWizard.asp” ; “admin” – contains default username value “login.asp” B. While accessing the web interface, the login form at *Authorization Bypass – URL by “setupWizard.asp’ while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a “login_glag” and “login_status” checking browser and to read the admin user credentials for the web interface. | 2022-11-17 | not yet calculated | CVE-2022-36785 MISC |
d-link — d-link | DLINK – DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | 2022-11-17 | not yet calculated | CVE-2022-36786 MISC |
d-link — dir3060 | D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. | 2022-11-18 | not yet calculated | CVE-2022-44204 MISC MISC |
dalli — dalli | A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability. | 2022-11-19 | not yet calculated | CVE-2022-4064 MISC MISC MISC MISC |
davidmoreno — onion | A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028. | 2022-11-19 | not yet calculated | CVE-2022-4066 N/A N/A N/A |
dedecms — dedecms | An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. | 2022-11-17 | not yet calculated | CVE-2022-43192 MISC |
drachtio — drachtio_server | In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. | 2022-11-18 | not yet calculated | CVE-2022-45473 MISC |
drachtio — drachtio_server | drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. | 2022-11-18 | not yet calculated | CVE-2022-45474 MISC |
elastic — kibana | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. | 2022-11-18 | not yet calculated | CVE-2021-22141 MISC MISC |
elastic — kibana | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | 2022-11-18 | not yet calculated | CVE-2021-37936 MISC MISC |
elsight — halo_rce | Elsight – Elsight Halo Remote Code Execution (RCE). Elsight Halo web panel allows us to perform connection validation. Through the POST request /api/v1/nics/wifi/wlan0/ping, we can abuse the DESTINATION parameter and leverage it to remote code execution. | 2022-11-17 | not yet calculated | CVE-2022-36784 MISC |
esri — arcgis_quick_capture_web_designer | An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an attacker controlled domain. | 2022-11-15 | not yet calculated | CVE-2022-38201 MISC |
flarum — flarum | Flarum is an open source discussion platform. Flarum’s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. | 2022-11-19 | not yet calculated | CVE-2022-41938 CONFIRM MISC MISC |
free5gc — free5gc | In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. | 2022-11-18 | not yet calculated | CVE-2022-38871 MISC |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue. | 2022-11-16 | not yet calculated | CVE-2022-39317 CONFIRM |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types, which leads to allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. | 2022-11-16 | not yet calculated | CVE-2022-39320 CONFIRM |
glpi_project — glpi_project | GLPI – Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) – The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker’s content back to the victim, the content is executed by the victim’s browser. | 2022-11-17 | not yet calculated | CVE-2022-39181 MISC |
google — android | In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239555070. References: N/A | 2022-11-17 | not yet calculated | CVE-2022-20427 MISC |
google — android | In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239555411. References: N/A | 2022-11-17 | not yet calculated | CVE-2022-20428 MISC |
google — android | In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239556260. References: N/A | 2022-11-17 | not yet calculated | CVE-2022-20459 MISC |
google — android | In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239557547. References: N/A | 2022-11-17 | not yet calculated | CVE-2022-20460 MISC |
google — android | In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239415718. References: N/A | 2022-11-17 | not yet calculated | CVE-2022-42533 MISC |
horner_automation — cscape | Horner Automation’s Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read. | 2022-11-15 | not yet calculated | CVE-2022-3377 MISC |
hostel_searching_project — hostel_searching_project | A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844. | 2022-11-17 | not yet calculated | CVE-2022-4051 MISC MISC |
imperva — equalweb_accessibility_widget | EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. | 2022-11-17 | not yet calculated | CVE-2022-42960 MISC |
installbuilder — installbuilder | InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting this type of vulnerability generally requires that an attacker has access to a vulnerable machine to plant the malicious DLL. | 2022-11-18 | not yet calculated | CVE-2022-31694 MISC |
insyde — ahcibusdxe | SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18; Kernel 5.1: version 05.17.18; Kernel 5.2: version 05.27.18; Kernel 5.3: version 05.36.18; Kernel 5.4: version 05.44.18; Kernel 5.5: version 05.52.18. https://www.insyde.com/security-pledge/SA-2022059 | 2022-11-15 | not yet calculated | CVE-2022-29276 MISC MISC |
insyde — fwblockservicesmm | Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL: Purley-R: 05.21.51.0048; Whitley: 05.42.23.0066; Cedar Island: 05.42.11.0021; Eagle Stream: 05.44.25.0052; Greenlow/Greenlow-R (skylake/kabylake): Trunk; Mehlow/Mehlow-R (CoffeeLake-S): Trunk; Tatlow (RKL-S): Trunk; Denverton: 05.10.12.0042; Snow Ridge: Trunk; Graneville DE: 05.05.15.0038; Grangeville DE NS: 05.27.26.0023; Bakerville: 05.21.51.0026; Idaville: 05.44.27.0030; Whiskey Lake: Trunk; Comet Lake-S: Trunk; Tiger Lake H/UP3: 05.43.12.0052; Alder Lake: 05.44.23.0047; Gemini Lake: Not Affected; Apollo Lake: Not Affected; Elkhart Lake: 05.44.30.0018. AMD: ROME: trunk; MILAN: 05.36.10.0017; GENOA: 05.52.25.0006; Snowy Owl: Trunk; R1000: 05.32.50.0018; R2000: 05.44.30.0005; V2000: Trunk; V3000: 05.44.30.0007; Ryzen 5000: 05.44.30.0004; Embedded ROME: Trunk; Embedded MILAN: Trunk. Hygon: Hygon #1/#2: 05.36.26.0016; Hygon #3: 05.44.26.0007. https://www.insyde.com/security-pledge/SA-2022060 | 2022-11-15 | not yet calculated | CVE-2022-29277 MISC MISC |
insyde — multiple_products | Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17; Kernel 5.1: version 05.17.17; Kernel 5.2: version 05.27.17; Kernel 5.3: version 05.36.17; Kernel 5.4: version 05.44.17; Kernel 5.5: version 05.52.17. https://www.insyde.com/security-pledge/SA-2022062 | 2022-11-15 | not yet calculated | CVE-2022-29279 MISC MISC |
insyde — nvmexpressdxe | Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23; Kernel 5.2: Version 05.27.23; Kernel 5.3: Version 05.36.23; Kernel 5.4: Version 05.44.23; Kernel 5.5: Version 05.52.23. https://www.insyde.com/security-pledge/SA-2022061 | 2022-11-15 | not yet calculated | CVE-2022-29278 MISC MISC |
insyde — pnpsmm | Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25; Kernel 5.2: Version 05.27.25; Kernel 5.3: Version 05.36.25; Kernel 5.4: Version 05.44.25; Kernel 5.5: Version 05.52.25. https://www.insyde.com/security-pledge/SA-2022064 | 2022-11-15 | not yet calculated | CVE-2022-30771 MISC MISC |
insyde — pnpsmm | Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41; Kernel 5.1: 05.17.43; Kernel 5.2: 05.27.30; Kernel 5.3: 05.36.30; Kernel 5.4: 05.44.30; Kernel 5.5: 05.52.30. https://www.insyde.com/security-pledge/SA-2022065 | 2022-11-15 | not yet calculated | CVE-2022-30772 MISC MISC |
insyde — usbcoredxe | In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21; Kernel 5.1: version 05.17.21; Kernel 5.2: version 05.27.21; Kernel 5.3: version 05.36.21; Kernel 5.4: version 05.44.21; Kernel 5.5: version 05.52.21. https://www.insyde.com/security-pledge/SA-2022058 | 2022-11-15 | not yet calculated | CVE-2022-29275 MISC MISC |
insyde — usbcoredxe | In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges. The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses it can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in: Kernel 5.0: Version 05.09.21; Kernel 5.1: Version 05.17.21; Kernel 5.2: Version 05.27.21; Kernel 5.3: Version 05.36.21; Kernel 5.4: Version 05.44.21; Kernel 5.5: Version 05.52.21. https://www.insyde.com/security-pledge/SA-2022063 | 2022-11-15 | not yet calculated | CVE-2022-30283 MISC MISC |
intel — server_board_m50cyp_family | Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. | 2022-11-11 | not yet calculated | CVE-2022-25917 MISC |
intelbras — sg_2404_mr | INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. | 2022-11-18 | not yet calculated | CVE-2022-43308 MISC MISC |
iobit — iotransfer | IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. | 2022-11-18 | not yet calculated | CVE-2022-37197 MISC |
jetbrains — hub | In JetBrains Hub before 2022.3.15181, throttling was missed when sending emails to a particular email address. | 2022-11-18 | not yet calculated | CVE-2022-45471 MISC |
karmasis_bilisim_cozumleri — infraskope_security_event_manager | Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to obtain critical information. | 2022-11-18 | not yet calculated | CVE-2022-24037 CONFIRM |
karmasis_bilisim_cozumleri — infraskope_security_event_manager | Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed. | 2022-11-18 | not yet calculated | CVE-2022-24038 CONFIRM |
knative — func | knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. | 2022-11-19 | not yet calculated | CVE-2022-41939 MISC MISC MISC CONFIRM |
lancet — lancet | Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-11-17 | not yet calculated | CVE-2022-41920 MISC MISC MISC CONFIRM |
lief — lief | A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. | 2022-11-17 | not yet calculated | CVE-2022-43171 MISC |
lightning_network_daemon — lightning_network_daemon | Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on chain transaction events will be undetected. This can cause loss of funds if a CSV expiry is researched during a breach attempt or a CLTV delta expires forgetting the funds in the HTLC. A patch is available in `lnd` version 0.15.4. Users are advised to upgrade. Users unable to upgrade may use the `lncli updatechanpolicy` RPC call to increase their CLTV value to a very high amount or increase their fee policies. This will prevent nodes from routing through your node, meaning that no pending HTLCs can be present. | 2022-11-17 | not yet calculated | CVE-2022-39389 MISC MISC CONFIRM MISC |
linaro — automated_validation_architecture | In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | 2022-11-18 | not yet calculated | CVE-2022-44641 MISC |
linaro — automated_validation_architecture | In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. | 2022-11-18 | not yet calculated | CVE-2022-45132 MISC MISC |
manageengine — zoho_manageengine_admanager_plus | Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. | 2022-11-18 | not yet calculated | CVE-2022-42904 MISC |
manageengine — zoho_manageengine_supportcenter_plus | Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | 2022-11-17 | not yet calculated | CVE-2022-42903 MISC |
maradns — deadwood | An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. | 2022-11-19 | not yet calculated | CVE-2022-30256 MISC MISC |
media5_corporation — mediatrix | Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. | 2022-11-17 | not yet calculated | CVE-2022-43096 MISC MISC |
monikabrzica — scm | A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. | 2022-11-15 | not yet calculated | CVE-2022-3997 MISC MISC |
monikabrzica — scm | A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699. | 2022-11-15 | not yet calculated | CVE-2022-3998 MISC MISC |
nvidia — cuda_toolkit_sdk | NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. | 2022-11-19 | not yet calculated | CVE-2022-34667 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 2022-11-19 | not yet calculated | CVE-2022-31610 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. | 2022-11-19 | not yet calculated | CVE-2022-31612 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. | 2022-11-19 | not yet calculated | CVE-2022-31613 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 2022-11-19 | not yet calculated | CVE-2022-31615 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. | 2022-11-19 | not yet calculated | CVE-2022-31616 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 2022-11-19 | not yet calculated | CVE-2022-31617 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 2022-11-19 | not yet calculated | CVE-2022-34665 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. | 2022-11-19 | not yet calculated | CVE-2022-31606 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. | 2022-11-19 | not yet calculated | CVE-2022-31607 MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2022-11-19 | not yet calculated | CVE-2022-31608 MISC |
nxp — multiple_products | An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) | 2022-11-18 | not yet calculated | CVE-2022-45163 MISC MISC |
opc_foundation — local_discovery_server | OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | 2022-11-17 | not yet calculated | CVE-2022-44725 MISC MISC |
pentagrid — seppmail | The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address. | 2022-11-18 | not yet calculated | CVE-2021-31739 MISC |
proofpoint — enterprise_protection | Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. | 2022-11-17 | not yet calculated | CVE-2021-31608 MISC |
red_lion_controls — crimson | Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user’s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. | 2022-11-17 | not yet calculated | CVE-2022-3090 MISC |
siemens — syngo_dynamics | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. | 2022-11-17 | not yet calculated | CVE-2022-42732 MISC |
siemens — syngo_dynamics | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. | 2022-11-17 | not yet calculated | CVE-2022-42733 MISC |
siemens — syngo_dynamics | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written in any folder accessible to the account assigned to the website’s application pool. | 2022-11-17 | not yet calculated | CVE-2022-42734 MISC |
siemens — syngo_dynamics | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written in any folder accessible to the account assigned to the website’s application pool. | 2022-11-17 | not yet calculated | CVE-2022-42891 MISC |
siemens — syngo_dynamics | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. | 2022-11-17 | not yet calculated | CVE-2022-42892 MISC |
siemens — syngo_dynamics | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written in any folder accessible to the account assigned to the website’s application pool. | 2022-11-17 | not yet calculated | CVE-2022-42893 MISC |
siemens — syngo_dynamics | A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration. | 2022-11-17 | not yet calculated | CVE-2022-42894 MISC |
silicon_labs — ember_znet | A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. | 2022-11-18 | not yet calculated | CVE-2022-24939 MISC MISC |
silicon_labs — micrium_uc-http | Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. | 2022-11-15 | not yet calculated | CVE-2022-24942 MISC MISC |
synthesia — synthesia | A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. | 2022-11-17 | not yet calculated | CVE-2021-33897 MISC MISC |
syss_gmbh — backclick_professional | An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. | 2022-11-16 | not yet calculated | CVE-2022-43999 MISC MISC |
syss_gmbh — backclick_professional | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server. | 2022-11-16 | not yet calculated | CVE-2022-44000 MISC MISC |
syss_gmbh — backclick_professional | An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers’ e-mail addresses. Furthermore, it is possible to subscribe and verify other persons’ e-mail addresses to newsletters without their consent. | 2022-11-16 | not yet calculated | CVE-2022-44005 MISC MISC |
syss_gmbh — backclick_professional | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation. | 2022-11-16 | not yet calculated | CVE-2022-44007 MISC MISC |
syss_gmbh — backclick_professional | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. | 2022-11-16 | not yet calculated | CVE-2022-44008 MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41895 CONFIRM MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41880 CONFIRM MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41883 MISC MISC CONFIRM MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41884 CONFIRM MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41885 MISC CONFIRM MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41886 MISC CONFIRM MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. | 2022-11-18 | not yet calculated | CVE-2022-41887 MISC CONFIRM MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41888 MISC MISC CONFIRM |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41889 CONFIRM MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41890 MISC MISC CONFIRM |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41891 MISC MISC CONFIRM |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results in a `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41893 CONFIRM MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41894 MISC MISC CONFIRM |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41896 MISC MISC CONFIRM |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41897 MISC CONFIRM MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41898 CONFIRM MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41899 CONFIRM MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. | 2022-11-18 | not yet calculated | CVE-2022-41900 CONFIRM MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41901 MISC CONFIRM MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41907 MISC MISC CONFIRM |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41908 MISC MISC CONFIRM |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41909 CONFIRM MISC MISC MISC |
tensorflow — tensorflow | TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a `const char*` array (since that’s the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | 2022-11-18 | not yet calculated | CVE-2022-41911 MISC MISC CONFIRM |
veritas_support — netbackup | The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | 2022-11-17 | not yet calculated | CVE-2022-45461 MISC |
webvendome — internal_server | Webvendome – Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. | 2022-11-17 | not yet calculated | CVE-2022-39178 MISC |
webvendome — webvendome | Webvendome – Webvendome SQL Injection. SQL Injection in the Parameter “DocNumber” Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. | 2022-11-17 | not yet calculated | CVE-2022-36787 MISC |
windows — wire | Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. | 2022-11-18 | not yet calculated | CVE-2022-43673 MISC MISC |
withsecure — withsecure | WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5). | 2022-11-17 | not yet calculated | CVE-2022-38165 MISC |
wordpress — wordpress | Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 2022-11-17 | not yet calculated | CVE-2021-36905 CONFIRM CONFIRM |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-40694 CONFIRM |
wordpress — wordpress | Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-40963 CONFIRM CONFIRM |
wordpress — wordpress | Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-41132 CONFIRM |
wordpress — wordpress | Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41135 CONFIRM |
wordpress — wordpress | Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. | 2022-11-19 | not yet calculated | CVE-2022-41155 CONFIRM CONFIRM |
wordpress — wordpress | Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-41315 CONFIRM |
wordpress — wordpress | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41615 CONFIRM CONFIRM |
wordpress — wordpress | Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41618 CONFIRM CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41634 CONFIRM CONFIRM |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41643 CONFIRM CONFIRM |
wordpress — wordpress | Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41652 CONFIRM |
wordpress — wordpress | Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41655 CONFIRM CONFIRM |
wordpress — wordpress | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter’s Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41685 CONFIRM CONFIRM CONFIRM CONFIRM |
wordpress — wordpress | Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41692 CONFIRM |
wordpress — wordpress | Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41781 CONFIRM |
wordpress — wordpress | Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41788 CONFIRM CONFIRM |
wordpress — wordpress | Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-41791 CONFIRM |
wordpress — wordpress | Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | 2022-11-18 | not yet calculated | CVE-2022-41839 CONFIRM |
wordpress — wordpress | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-41840 CONFIRM |
wordpress — wordpress | Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-42459 CONFIRM CONFIRM |
wordpress — wordpress | Broken Access Control vulnerability in miniOrange’s Google Authenticator plugin <= 5.6.1 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-42461 CONFIRM |
wordpress — wordpress | Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-42497 CONFIRM CONFIRM |
wordpress — wordpress | Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-42698 CONFIRM CONFIRM |
wordpress — wordpress | Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-42883 CONFIRM |
wordpress — wordpress | Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-43482 CONFIRM |
wordpress — wordpress | Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-43492 CONFIRM CONFIRM |
wordpress — wordpress | Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-44583 CONFIRM CONFIRM |
wordpress — wordpress | Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-44584 CONFIRM CONFIRM |
wordpress — wordpress | Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-44634 CONFIRM CONFIRM |
wordpress — wordpress | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-44740 CONFIRM CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-45071 CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-45072 CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-45073 CONFIRM |
wordpress — wordpress | Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. | 2022-11-18 | not yet calculated | CVE-2022-45082 CONFIRM CONFIRM |
wordpress — wordpress | Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-45369 CONFIRM |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-36357 CONFIRM |
wordpress — wordpress | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | 2022-11-17 | not yet calculated | CVE-2022-38461 CONFIRM |
wordpress — wordpress | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | 2022-11-18 | not yet calculated | CVE-2022-38974 CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-40192 CONFIRM |
wordpress — wordpress | Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | 2022-11-17 | not yet calculated | CVE-2022-40200 CONFIRM CONFIRM |
wordpress — wordpress | Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | 2022-11-18 | not yet calculated | CVE-2022-40216 CONFIRM CONFIRM |
xdg-email — xdg-email | When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. | 2022-11-19 | not yet calculated | CVE-2022-4055 MISC |
xpdf — xpdf | A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 2022-11-15 | not yet calculated | CVE-2022-43071 MISC |
zoom — client_for_meetings_installer | The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. | 2022-11-17 | not yet calculated | CVE-2022-28768 MISC |
zoom — multiple_products | Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. | 2022-11-17 | not yet calculated | CVE-2022-28766 MISC |
zoom — rooms_installer_for_windows | The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. | 2022-11-17 | not yet calculated | CVE-2022-36924 MISC |
zulip — zulip | Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected. | 2022-11-16 | not yet calculated | CVE-2022-41914 CONFIRM MISC |