US-CERT Bulletin (SB22-318): Vulnerability Summary for the Week of November 7, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accusoft — imagegear | An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2022-11-09 | 7.8 | CVE-2022-32588 MISC |
acronis — cyber_protect_home_office | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | 2022-11-07 | 7.8 | CVE-2022-44732 MISC |
acronis — cyber_protect_home_office | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | 2022-11-07 | 7.8 | CVE-2022-44733 MISC |
acronis — cyber_protect_home_office | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | 2022-11-07 | 7.8 | CVE-2022-44747 MISC |
acronis — cyber_protect_home_office | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | 2022-11-07 | 7.3 | CVE-2022-44744 MISC |
activity_log_project — activity_log | CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | 2022-11-08 | 9.8 | CVE-2022-27858 CONFIRM CONFIRM |
addify — role_based_pricing_for_woocommerce | The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog | 2022-11-07 | 8.8 | CVE-2022-3536 CONFIRM |
addify — role_based_pricing_for_woocommerce | The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP | 2022-11-07 | 8.8 | CVE-2022-3537 CONFIRM |
analytify — analytify_-_google_analytics_dashboard | Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. | 2022-11-08 | 8.8 | CVE-2022-38137 CONFIRM CONFIRM |
apache — commons_bcel | Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. | 2022-11-07 | 9.8 | CVE-2022-42920 MISC MLIST |
apache — ivy | With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the “zip”, “jar” or “war” packaging Ivy prior to 2.5.1 doesn’t verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse “upwards” using “..” sequences can then write files to any location on the local file system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1. | 2022-11-07 | 9.1 | CVE-2022-37865 CONFIRM |
apache — ivy | When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied “pattern” that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain “../” sequences – which are valid characters for Ivy coordinates in general – it is possible the artifacts are stored outside of Ivy’s local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing “..” sequences and a “normal” repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1. | 2022-11-07 | 7.5 | CVE-2022-37866 MISC |
apache — pulsar | The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow ‘issuer url’. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine ‘between’ the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions. | 2022-11-04 | 8.1 | CVE-2022-33684 MISC |
arm — valhall_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. | 2022-11-08 | 8.8 | CVE-2022-41757 MISC |
azure — cyclecloud | Azure CycleCloud Elevation of Privilege Vulnerability. | 2022-11-09 | 7.5 | CVE-2022-41085 MISC |
azure — rtos_guix_studio | Azure RTOS GUIX Studio Remote Code Execution Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41051 MISC |
badgermeter — moni\ | In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | 2022-11-07 | 7.5 | CVE-2020-12509 MISC |
bd — totalys_multiprocessor_firmware | BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. | 2022-11-04 | 7.8 | CVE-2022-40263 CONFIRM |
canteen_management_system_project — canteen_management_system | Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. | 2022-11-07 | 7.2 | CVE-2022-43049 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-09 | 7.2 | CVE-2022-43277 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. | 2022-11-09 | 7.2 | CVE-2022-43278 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. | 2022-11-09 | 7.2 | CVE-2022-43290 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. | 2022-11-09 | 7.2 | CVE-2022-43291 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. | 2022-11-09 | 7.2 | CVE-2022-43292 MISC |
cisco — asyncos | A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain API calls. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | 2022-11-04 | 8.8 | CVE-2022-20868 MISC |
cisco — broadworks_commpilot_application | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network. | 2022-11-04 | 8.8 | CVE-2022-20958 MISC |
cisco — email_security_appliance | A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated. | 2022-11-04 | 7.5 | CVE-2022-20960 MISC |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx | 2022-11-04 | 8.8 | CVE-2022-20956 MISC |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user. | 2022-11-04 | 8.8 | CVE-2022-20961 MISC |
cisco — identity_services_engine | A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. | 2022-11-04 | 8.8 | CVE-2022-20962 MISC |
citrix — gateway | Unauthorized access to Gateway user capabilities | 2022-11-08 | 9.8 | CVE-2022-27510 MISC |
citrix — gateway | User login brute force protection functionality bypass | 2022-11-08 | 9.8 | CVE-2022-27516 MISC |
citrix — gateway | Remote desktop takeover via phishing | 2022-11-08 | 9.6 | CVE-2022-27513 MISC |
codection — import_and_export_users_and_customers | The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. | 2022-11-07 | 8 | CVE-2022-3558 CONFIRM CONFIRM |
dedecms — dedecms | DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | 2022-11-09 | 8.8 | CVE-2022-43031 MISC MISC |
democritus — d8s-dates | The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-44052 MISC MISC MISC |
democritus — d8s-networking | The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-44050 MISC MISC MISC |
democritus — d8s-networking | The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-44053 MISC MISC MISC |
democritus — d8s-python | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-43305 MISC MISC MISC |
democritus — d8s-python | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-44049 MISC MISC MISC |
democritus — d8s-stats | The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-44051 MISC MISC MISC |
democritus — d8s-strings | The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-43303 MISC MISC MISC |
democritus — d8s-timer | The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-43304 MISC MISC MISC |
democritus — d8s-timer | The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 8.8 | CVE-2022-43306 MISC MISC MISC |
democritus — d8s-urls | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-44048 MISC MISC MISC |
democritus — d8s-xml | The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. | 2022-11-07 | 9.8 | CVE-2022-44054 MISC MISC MISC |
fastify — websocket | @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions. | 2022-11-08 | 7.5 | CVE-2022-39386 CONFIRM |
flowring — agentflow_bpm | The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service. | 2022-11-10 | 9.8 | CVE-2022-39036 MISC MISC |
flowring — agentflow_bpm | Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2022-11-10 | 7.5 | CVE-2022-39037 MISC MISC |
fluentforms — contact_form | The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection | 2022-11-07 | 9.8 | CVE-2022-3463 CONFIRM |
food_ordering_management_system_project — food_ordering_management_system | Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. | 2022-11-07 | 7.2 | CVE-2022-42990 MISC |
getshortcodes — shortcodes_ultimate | Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin’s Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | 2022-11-08 | 8.8 | CVE-2022-41136 CONFIRM CONFIRM |
gifdec_project — gifdec | Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. | 2022-11-07 | 7.8 | CVE-2022-43359 MISC |
gitlab — gitlab | Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim’s account. | 2022-11-10 | 9 | CVE-2022-3726 MISC CONFIRM MISC |
gitlab — gitlab | Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab | 2022-11-09 | 7.5 | CVE-2022-3285 CONFIRM MISC |
google — android | In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-243825200 | 2022-11-08 | 7.8 | CVE-2021-1050 MISC |
google — android | In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-246824784 | 2022-11-08 | 7.8 | CVE-2021-39661 MISC |
google — android | In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-238605611 | 2022-11-08 | 7.8 | CVE-2022-20441 MISC |
google — android | In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-210065877 | 2022-11-08 | 7.8 | CVE-2022-20450 MISC |
google — android | In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235098883 | 2022-11-08 | 7.8 | CVE-2022-20451 MISC |
google — android | In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240138318 | 2022-11-08 | 7.8 | CVE-2022-20452 MISC |
google — android | In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-230356196 | 2022-11-08 | 7.8 | CVE-2022-20462 MISC |
google — android | In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132. | 2022-11-08 | 7.8 | CVE-2022-32601 MISC |
google — android | Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. | 2022-11-09 | 7.8 | CVE-2022-39880 MISC |
google — android | Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. | 2022-11-09 | 7.8 | CVE-2022-39882 MISC |
google — android | Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. | 2022-11-09 | 7.8 | CVE-2022-39883 MISC |
google — android | In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-225876506 | 2022-11-08 | 7.5 | CVE-2022-20445 MISC |
google — chrome | Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 9.6 | CVE-2022-3890 MISC MISC |
google — chrome | Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3445 MISC MISC |
google — chrome | Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3446 MISC MISC |
google — chrome | Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3448 MISC MISC |
google — chrome | Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3449 MISC MISC |
google — chrome | Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3450 MISC MISC |
google — chrome | Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3885 MISC MISC |
google — chrome | Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3886 MISC MISC |
google — chrome | Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3887 MISC MISC |
google — chrome | Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3888 MISC MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 8.8 | CVE-2022-3889 MISC MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds. | 2022-11-08 | 8.1 | CVE-2022-39328 CONFIRM |
hcltech — domino | HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | 2022-11-04 | 8.8 | CVE-2022-38660 MISC |
html2xhtml_project — html2xhtml | html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file. | 2022-11-08 | 8.1 | CVE-2022-44311 MISC |
huawei — emui | The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. | 2022-11-09 | 9.8 | CVE-2022-44562 MISC MISC |
huawei — emui | Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. | 2022-11-08 | 7.5 | CVE-2022-44556 MISC |
huawei — harmonyos | The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback. | 2022-11-09 | 9.8 | CVE-2021-46851 MISC MISC |
huawei — harmonyos | The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-11-09 | 7.5 | CVE-2021-46852 MISC MISC |
huawei — harmonyos | The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. | 2022-11-09 | 7.5 | CVE-2022-44546 MISC MISC |
huawei — harmonyos | The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. | 2022-11-09 | 7.5 | CVE-2022-44547 MISC MISC |
huawei — harmonyos | The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality. | 2022-11-09 | 7.5 | CVE-2022-44549 MISC MISC |
huawei — harmonyos | The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability. | 2022-11-09 | 7.5 | CVE-2022-44550 MISC MISC |
human_resource_management_system_project — human_resource_management_system | Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | 2022-11-07 | 8.8 | CVE-2022-43318 MISC |
inhandnetworks — ir302_firmware | A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-11-09 | 8.8 | CVE-2022-28689 MISC CONFIRM |
inhandnetworks — ir302_firmware | A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-11-09 | 8.8 | CVE-2022-30543 CONFIRM MISC |
inhandnetworks — ir302_firmware | A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | 2022-11-09 | 8.1 | CVE-2022-29888 MISC CONFIRM |
jhead_project — jhead | jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. | 2022-11-04 | 7.8 | CVE-2021-34055 MISC |
linux — linux_kernel | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2022-11-04 | 7.5 | CVE-2022-43945 MISC |
mahara — mahara | Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | 2022-11-06 | 9.8 | CVE-2022-44544 MISC MISC |
mahara — mahara | In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. | 2022-11-06 | 7.5 | CVE-2022-42707 MISC MISC |
maxonerp — maxon | A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. | 2022-11-07 | 9.8 | CVE-2022-3878 MISC MISC |
mediatek — lr12a | In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. | 2022-11-08 | 7.5 | CVE-2022-26446 MISC |
mendix — saml | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `’Allow Idp Initiated Authentication’` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration. | 2022-11-08 | 9.8 | CVE-2022-44457 MISC |
microsoft — azure_iot_edge_for_linux | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. | 2022-11-09 | 7 | CVE-2022-38014 MISC |
microsoft — azure_rtos_filex | Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA. | 2022-11-08 | 7.8 | CVE-2022-39343 CONFIRM MISC |
microsoft — azure_rtos_usbx | Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states. | 2022-11-04 | 9.8 | CVE-2022-39344 CONFIRM |
microsoft — dwm_core_library | Microsoft DWM Core Library Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41096 MISC |
microsoft — excel | Microsoft Excel Security Feature Bypass Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41104 MISC |
microsoft — excel | Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41063. | 2022-11-09 | 7.8 | CVE-2022-41106 MISC |
microsoft — exchange_server | Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123. | 2022-11-09 | 9.8 | CVE-2022-41080 MISC |
microsoft — exchange_server | Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080. | 2022-11-09 | 7.8 | CVE-2022-41123 MISC |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079. | 2022-11-09 | 7.5 | CVE-2022-41078 MISC |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078. | 2022-11-09 | 7.5 | CVE-2022-41079 MISC |
microsoft — microsoft_excel | Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41106. | 2022-11-09 | 7.8 | CVE-2022-41063 MISC |
microsoft — microsoft_wod | Microsoft Word Remote Code Execution Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41061 MISC |
microsoft — office | Microsoft Office Graphics Remote Code Execution Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41107 MISC |
microsoft — sharepoint | Microsoft SharePoint Server Remote Code Execution Vulnerability. | 2022-11-09 | 8.8 | CVE-2022-41062 MISC |
microsoft — visual_studio_2017 | Visual Studio Remote Code Execution Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41119 MISC |
microsoft — windows_server_2008 | Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41048. | 2022-11-09 | 8.8 | CVE-2022-41047 MISC |
microsoft — windows_server_2008 | Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047. | 2022-11-09 | 8.8 | CVE-2022-41048 MISC |
microsoft — windows_server_2008 | Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. | 2022-11-09 | 8.8 | CVE-2022-41128 MISC |
microsoft — windows_server_2008 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. | 2022-11-09 | 8.1 | CVE-2022-37966 MISC |
microsoft — windows_server_2008 | Netlogon RPC Elevation of Privilege Vulnerability. | 2022-11-09 | 8.1 | CVE-2022-38023 MISC |
microsoft — windows_server_2008 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088. | 2022-11-09 | 8.1 | CVE-2022-41039 MISC |
microsoft — windows_server_2008 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41088. | 2022-11-09 | 8.1 | CVE-2022-41044 MISC |
microsoft — windows_server_2008 | Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41086. | 2022-11-09 | 7.8 | CVE-2022-37992 MISC |
microsoft — windows_server_2008 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100. | 2022-11-09 | 7.8 | CVE-2022-41045 MISC |
microsoft — windows_server_2008 | Windows HTTP.sys Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41057 MISC |
microsoft — windows_server_2008 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. | 2022-11-09 | 7.5 | CVE-2022-41056 MISC |
microsoft — windows_server_2008 | Windows Network Address Translation (NAT) Denial of Service Vulnerability. | 2022-11-09 | 7.5 | CVE-2022-41058 MISC |
microsoft — windows_server_2008 | Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128. | 2022-11-09 | 7.5 | CVE-2022-41118 MISC |
microsoft — windows_server_2008 | Windows Kerberos Elevation of Privilege Vulnerability. | 2022-11-09 | 7.2 | CVE-2022-37967 MISC |
microsoft — windows_server_2012 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41125 MISC |
microsoft — windows_sysmon | Microsoft Windows Sysmon Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41120 MISC |
n-prolog_project — n-prolog | N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. | 2022-11-08 | 7.5 | CVE-2022-43343 MISC |
nec — expresscluster_x_singleserversafe | Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 2022-11-08 | 9.8 | CVE-2022-34822 MISC |
nec — expresscluster_x_singleserversafe | Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 2022-11-08 | 9.8 | CVE-2022-34823 MISC |
nec — expresscluster_x_singleserversafe | Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 2022-11-08 | 9.8 | CVE-2022-34824 MISC |
nec — expresscluster_x_singleserversafe | Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 2022-11-08 | 9.8 | CVE-2022-34825 MISC |
netwrix — auditor | Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors. | 2022-11-08 | 9.8 | CVE-2022-31199 MISC |
objectfirst — object_first | An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn’t produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in 1.0.13.1611. | 2022-11-07 | 9.8 | CVE-2022-44796 MISC |
objectfirst — object_first | An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn’t validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. | 2022-11-07 | 8.8 | CVE-2022-44794 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. | 2022-11-09 | 9.8 | CVE-2022-43058 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. | 2022-11-07 | 7.2 | CVE-2022-43051 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. | 2022-11-07 | 7.2 | CVE-2022-43052 MISC |
online_tours_and_travels_management_system_project — online_tours_and_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-07 | 7.2 | CVE-2022-43050 MISC |
openfga — openfga | OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation. | 2022-11-08 | 9.8 | CVE-2022-39352 CONFIRM |
opensuse — openldap2 | An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. | 2022-11-09 | 7.8 | CVE-2022-31253 CONFIRM |
opmc — woocommerce_dropshipping | The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection. | 2022-11-07 | 9.8 | CVE-2022-3481 CONFIRM |
parseplatform — parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds. | 2022-11-10 | 9.8 | CVE-2022-39396 CONFIRM |
passwork — passwork | The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. | 2022-11-07 | 7.5 | CVE-2022-42955 MISC MISC |
passwork — passwork | The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. | 2022-11-07 | 7.5 | CVE-2022-42956 MISC MISC |
pattersondental — eaglesoft | Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | 2022-11-07 | 7.8 | CVE-2022-37710 MISC |
phoenix_contact — fl_mguard_dm | In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections. | 2022-11-09 | 7.5 | CVE-2021-34579 MISC |
powercom_co_ltd — upsmon_pro | UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data. | 2022-11-10 | 7.5 | CVE-2022-38122 MISC |
powercom_co_ltd — upsmon_pro | UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service. | 2022-11-10 | 9.8 | CVE-2022-38119 MISC |
pymatgen — pymatgen | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method. | 2022-11-09 | 7.5 | CVE-2022-42964 MISC |
python — python | Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. | 2022-11-07 | 7.8 | CVE-2022-42919 MISC |
python — python | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | 2022-11-09 | 7.5 | CVE-2022-45061 MISC |
python-poetry — cleo | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method. | 2022-11-09 | 7.5 | CVE-2022-42966 MISC |
qemu — qemu | An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | 2022-11-07 | 8.6 | CVE-2022-3872 MISC |
really-simple-plugins — complianz | The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. | 2022-11-07 | 8.8 | CVE-2022-3494 CONFIRM |
roxyfileman — roxy_fileman | Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) | 2022-11-09 | 9.8 | CVE-2022-40797 MISC MISC MISC |
samsung — billing | Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. | 2022-11-09 | 7.5 | CVE-2022-39890 MISC |
samsung — exynos_firmware | Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. | 2022-11-09 | 9.1 | CVE-2022-39881 MISC |
samsung — pass | Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers unauthenticated access via the keep open feature. | 2022-11-09 | 9.8 | CVE-2022-39892 MISC |
sanitization_management_system_project — sanitization_management_system | A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. | 2022-11-05 | 9.8 | CVE-2022-3868 N/A N/A |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | 2022-11-07 | 7.2 | CVE-2022-43350 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. | 2022-11-07 | 7.2 | CVE-2022-43352 MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces: Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely. Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured. | 2022-11-08 | 7.8 | CVE-2022-41211 MISC MISC |
sap — businessobjects_business_intelligence | In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. | 2022-11-08 | 8.8 | CVE-2022-41203 MISC MISC |
schneider-electric — ecostruxure_operator_terminal_expert | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 2022-11-04 | 7.8 | CVE-2022-41669 MISC |
schneider-electric — ecostruxure_operator_terminal_expert | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 2022-11-04 | 7.8 | CVE-2022-41670 MISC |
schneider-electric — ecostruxure_operator_terminal_expert | A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 2022-11-04 | 7.8 | CVE-2022-41671 MISC |
siemens — 7kg9501-0aa01-2aa1_firmware | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user’s account through the activated session. | 2022-11-08 | 8.8 | CVE-2022-43398 MISC |
siemens — 7kg9501-0aa01-2aa1_firmware | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. | 2022-11-08 | 8.8 | CVE-2022-43439 MISC |
siemens — 7kg9501-0aa01-2aa1_firmware | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. | 2022-11-08 | 8.8 | CVE-2022-43545 MISC |
siemens — 7kg9501-0aa01-2aa1_firmware | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. | 2022-11-08 | 8.8 | CVE-2022-43546 MISC |
siemens — jt2go | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2022-11-08 | 7.8 | CVE-2022-39136 MISC |
siemens — jt2go | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-11-08 | 7.8 | CVE-2022-41660 MISC |
siemens — jt2go | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-11-08 | 7.8 | CVE-2022-41661 MISC |
siemens — jt2go | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-11-08 | 7.8 | CVE-2022-41662 MISC |
siemens — jt2go | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2022-11-08 | 7.8 | CVE-2022-41663 MISC |
siemens — jt2go | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2022-11-08 | 7.8 | CVE-2022-41664 MISC |
siemens — parasolid | A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745) | 2022-11-08 | 7.8 | CVE-2022-39157 MISC |
siemens — parasolid | A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854) | 2022-11-08 | 7.8 | CVE-2022-43397 MISC |
siemens — qms_automotive | A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users. | 2022-11-08 | 9.1 | CVE-2022-43958 MISC |
simple_e-learning_system_project — simple_e-learning_system | An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. | 2022-11-07 | 7.5 | CVE-2022-43319 MISC |
slidervilla — testimonial_slider | Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | 2022-11-08 | 8.8 | CVE-2022-44741 CONFIRM CONFIRM |
snowflake — snowflake-connector-python | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package when an attacker is able to supply arbitrary input to the get_file_transfer_type method. | 2022-11-09 | 7.5 | CVE-2022-42965 MISC |
soflyy — wp_all_import | The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. | 2022-11-07 | 7.2 | CVE-2022-2711 CONFIRM |
soflyy — wp_all_import | The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files. | 2022-11-07 | 7.2 | CVE-2022-3418 CONFIRM |
splunk — splunk | In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | 2022-11-04 | 8.8 | CVE-2022-43563 MISC |
splunk — splunk | In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the tstats command handles JavaScript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. | 2022-11-04 | 8.8 | CVE-2022-43565 MISC |
splunk — splunk | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. | 2022-11-04 | 8.8 | CVE-2022-43567 MISC MISC |
splunk — splunk | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | 2022-11-04 | 8 | CVE-2022-43566 MISC MISC |
symantec — endpoint_detection_and_response | Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2022-11-08 | 9.8 | CVE-2022-37015 MISC |
trellix — intrusion_prevention_system_manager | XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack in the part of the administrator interface that allows a saved XML configuration file to be imported. | 2022-11-04 | 7.2 | CVE-2022-3340 CONFIRM |
tuxera — ntfs-3g | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. | 2022-11-06 | 7.8 | CVE-2022-40284 MISC MISC |
varnish-software — varnish_cache_plus | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | 2022-11-09 | 7.5 | CVE-2022-45060 MISC MISC |
varnish_cache_project — varnish_cache | An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. | 2022-11-09 | 7.5 | CVE-2022-45059 MISC |
vmware — workspace_one_assist | VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | 2022-11-09 | 9.8 | CVE-2022-31685 MISC |
vmware — workspace_one_assist | VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | 2022-11-09 | 9.8 | CVE-2022-31686 MISC |
vmware — workspace_one_assist | VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | 2022-11-09 | 9.8 | CVE-2022-31687 MISC |
vmware — workspace_one_assist | VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. | 2022-11-09 | 9.8 | CVE-2022-31689 MISC |
wago — i/o-check_service | In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | 2022-11-09 | 7.5 | CVE-2021-34568 MISC |
wago — i/o-check_service | In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. | 2022-11-09 | 9.8 | CVE-2021-34569 MISC |
wago — i/o-check_service | In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | 2022-11-09 | 9.1 | CVE-2021-34566 MISC |
wago — i/o-check_service | In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and a limited out-of-bounds read. | 2022-11-09 | 8.2 | CVE-2021-34567 MISC |
wiesemann_&_theis — multiple_products | Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage. | 2022-11-10 | 8 | CVE-2022-42786 MISC |
windows — advanced_local_procedure_call | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100. | 2022-11-09 | 7.8 | CVE-2022-41093 MISC |
windows — advanced_local_procedure_call | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093. | 2022-11-09 | 7.8 | CVE-2022-41100 MISC |
windows — bind_filter_driver | Windows Bind Filter Driver Elevation of Privilege Vulnerability. | 2022-11-09 | 7 | CVE-2022-41114 MISC |
windows — digital_media_receiver | Windows Digital Media Receiver Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41095 MISC |
windows — extensible_file_allocation_table | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41050 MISC |
windows — graphics_component | Windows Graphics Component Remote Code Execution Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41052 MISC |
windows — kerberos | Windows Kerberos Denial of Service Vulnerability. | 2022-11-09 | 7.5 | CVE-2022-41053 MISC |
windows — overlay_filter | Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41102. | 2022-11-09 | 7.8 | CVE-2022-41101 MISC |
windows — overlay_filter | Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41101. | 2022-11-09 | 7.8 | CVE-2022-41102 MISC |
windows — point-to-point_tunneling_protocol | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044. | 2022-11-09 | 8.1 | CVE-2022-41088 MISC |
windows — print_spooler | Windows Print Spooler Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41073 MISC |
windows — resilient_file_system | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41054 MISC |
windows — win32 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. | 2022-11-09 | 7.8 | CVE-2022-41113 MISC |
windows — win32k | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109. | 2022-11-09 | 7.8 | CVE-2022-41092 MISC |
windows — win32k | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41092. | 2022-11-09 | 7.8 | CVE-2022-41109 MISC |
wolfssl — wolfssl | In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) | 2022-11-07 | 9.1 | CVE-2022-42905 MISC MISC |
xfce — xfce4-settings | In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | 2022-11-09 | 9.8 | CVE-2022-45062 MISC MISC MISC MISC |
xwiki — openid_connect | XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider's details through request parameters. One can then bypass the XWiki authentication altogether by specifying one's own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider). With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make one's user automatically part of the XWikiAdminGroup. This issue has been patched; please upgrade to 1.29.1. There is no workaround; an upgrade of the authenticator is required. | 2022-11-04 | 7.5 | CVE-2022-39387 MISC CONFIRM MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
5-anker — 5_anker_connect | Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. | 2022-11-08 | 4.8 | CVE-2022-30545 CONFIRM CONFIRM |
acronis — cyber_protect_home_office | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | 2022-11-07 | 5.5 | CVE-2022-44745 MISC |
acronis — cyber_protect_home_office | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | 2022-11-07 | 5.5 | CVE-2022-44746 MISC |
addify — product_stock_manager | The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow arbitrary options to be updated. | 2022-11-07 | 4.3 | CVE-2022-3451 CONFIRM |
aioseo — all_in_one_seo | Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | 2022-11-08 | 6.5 | CVE-2022-42494 CONFIRM CONFIRM |
algolplus — advanced_dynamic_pricing_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. | 2022-11-09 | 4.3 | CVE-2022-43488 CONFIRM CONFIRM |
algolplus — advanced_dynamic_pricing_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. | 2022-11-08 | 4.3 | CVE-2022-43491 CONFIRM CONFIRM |
algolplus — advanced_order_export | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. | 2022-11-08 | 6.5 | CVE-2022-40128 CONFIRM CONFIRM |
bluetooth — bluetooth_core_specification | An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel. | 2022-11-08 | 4.3 | CVE-2020-35473 MISC MISC |
canteen_management_system_project — canteen_management_system | A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2022-11-08 | 5.4 | CVE-2022-43144 MISC MISC MISC |
cisco — asyncos | A vulnerability in the web-based management interface of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. | 2022-11-04 | 6.5 | CVE-2022-20867 MISC |
cisco — asyncos | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. | 2022-11-04 | 6.5 | CVE-2022-20942 MISC |
cisco — broadworks_messaging_server | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network. | 2022-11-04 | 6.5 | CVE-2022-20951 MISC |
cisco — email_security_appliance_firmware | A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. | 2022-11-04 | 5.3 | CVE-2022-20772 MISC |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device. | 2022-11-04 | 5.4 | CVE-2022-20963 MISC |
cisco — identity_services_engine | A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. | 2022-11-04 | 5.3 | CVE-2022-20937 MISC |
cisco — umbrella | A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | 2022-11-04 | 5.4 | CVE-2022-20969 MISC |
codeandmore — wp_page_widget | Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. | 2022-11-08 | 4.3 | CVE-2022-32587 CONFIRM CONFIRM |
csphere — clansphere | A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. | 2022-11-09 | 6.1 | CVE-2022-43119 MISC |
diagrams — drawio | Cross-site Scripting (XSS) – DOM in GitHub repository jgraph/drawio prior to 20.5.2. | 2022-11-07 | 6.1 | CVE-2022-3873 CONFIRM MISC |
diplib — diplib | diplib v3.0.0 is vulnerable to Double Free. | 2022-11-04 | 6.5 | CVE-2021-39432 MISC MISC |
electronjs — electron | The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file are not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials. This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn’t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround. | 2022-11-08 | 6.1 | CVE-2022-36077 CONFIRM |
eyesofnetwork — web_interface | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. | 2022-11-08 | 6.1 | CVE-2022-41434 MISC |
eyesofnetwork — web_interface | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. | 2022-11-08 | 4.8 | CVE-2022-41432 MISC |
eyesofnetwork — web_interface | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. | 2022-11-08 | 4.8 | CVE-2022-41433 MISC |
f-secure — safe | WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5). | 2022-11-07 | 6.5 | CVE-2022-38164 MISC MISC |
fatcatapps — analytics_cat | Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. | 2022-11-08 | 4.3 | CVE-2022-27855 CONFIRM CONFIRM |
feehi — feehicms | FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. | 2022-11-09 | 6.1 | CVE-2022-43320 MISC |
flatcore — flatcore-cms | A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. | 2022-11-09 | 6.1 | CVE-2022-43118 MISC |
food_ordering_management_system_project — food_ordering_management_system | Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. | 2022-11-07 | 4.8 | CVE-2022-43046 MISC |
froxlor — froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | 2022-11-05 | 6.1 | CVE-2022-3869 CONFIRM MISC |
gitlab — gitlab | An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | 2022-11-09 | 6.1 | CVE-2022-3280 CONFIRM MISC MISC |
gitlab — gitlab | An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | 2022-11-09 | 6.1 | CVE-2022-3486 MISC MISC CONFIRM |
gitlab — gitlab | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | 2022-11-09 | 5.4 | CVE-2022-3265 MISC MISC CONFIRM |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | 2022-11-09 | 5.4 | CVE-2022-3483 MISC MISC CONFIRM |
gitlab — gitlab | An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don’t have access to. | 2022-11-09 | 5.3 | CVE-2022-2761 MISC MISC CONFIRM |
gitlab — gitlab | An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don’t have access to. | 2022-11-10 | 5.3 | CVE-2022-3793 CONFIRM MISC |
gitlab — gitlab | An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. | 2022-11-10 | 5.3 | CVE-2022-3818 MISC CONFIRM |
gitlab — gitlab | Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project’s Audit Events and Developers or Maintainers to view the group’s Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. | 2022-11-10 | 4.3 | CVE-2022-3413 MISC CONFIRM |
gitlab — gitlab | Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn’t have access to that project. | 2022-11-10 | 4.3 | CVE-2022-3706 MISC CONFIRM |
gitlab — gitlab | An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don’t have access to. | 2022-11-10 | 4.3 | CVE-2022-3819 CONFIRM MISC |
google — android | In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. | 2022-11-08 | 6.8 | CVE-2022-32617 MISC |
google — android | In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454. | 2022-11-08 | 6.8 | CVE-2022-32618 MISC |
google — android | In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242096164 | 2022-11-08 | 6.7 | CVE-2022-20454 MISC |
google — android | In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. | 2022-11-08 | 6.7 | CVE-2022-21778 MISC |
google — android | In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704. | 2022-11-08 | 6.7 | CVE-2022-32603 MISC |
google — android | In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. | 2022-11-08 | 6.7 | CVE-2022-32605 MISC |
google — android | In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. | 2022-11-08 | 6.7 | CVE-2022-32607 MISC |
google — android | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373. | 2022-11-08 | 6.7 | CVE-2022-32611 MISC |
google — android | In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. | 2022-11-08 | 6.7 | CVE-2022-32614 MISC |
google — android | In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. | 2022-11-08 | 6.7 | CVE-2022-32615 MISC |
google — android | In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. | 2022-11-08 | 6.7 | CVE-2022-32616 MISC |
google — android | In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-233604485 | 2022-11-08 | 6.5 | CVE-2022-20447 MISC |
google — android | In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. | 2022-11-08 | 6.4 | CVE-2022-32608 MISC |
google — android | In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. | 2022-11-08 | 6.4 | CVE-2022-32609 MISC |
google — android | In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. | 2022-11-08 | 6.4 | CVE-2022-32610 MISC |
google — android | In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. | 2022-11-08 | 6.4 | CVE-2022-32612 MISC |
google — android | In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | 2022-11-08 | 6.4 | CVE-2022-32613 MISC |
google — android | In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-234441463 | 2022-11-08 | 5.5 | CVE-2022-20414 MISC |
google — android | In multiple functions of many files, there is a possible obstruction of the user’s ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-236263294 | 2022-11-08 | 5.5 | CVE-2022-20426 MISC |
google — android | In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-237540408 | 2022-11-08 | 5.5 | CVE-2022-20448 MISC |
google — android | In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-240685104 | 2022-11-08 | 5.5 | CVE-2022-20453 MISC |
google — android | In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-243924784 | 2022-11-08 | 5.5 | CVE-2022-20457 MISC |
google — android | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790. | 2022-11-08 | 5.5 | CVE-2022-32602 MISC |
google — android | In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-218500036 | 2022-11-08 | 4.6 | CVE-2022-20465 MISC |
google — chrome | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | 2022-11-09 | 4.3 | CVE-2022-3447 MISC MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. | 2022-11-09 | 5.3 | CVE-2022-39307 CONFIRM |
gvectors — wpforo_forum | Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. | 2022-11-08 | 5.4 | CVE-2022-40632 CONFIRM CONFIRM |
gvectors — wpforo_forum | Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | 2022-11-08 | 4.3 | CVE-2022-40205 CONFIRM CONFIRM |
gvectors — wpforo_forum | Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. | 2022-11-08 | 4.3 | CVE-2022-40206 CONFIRM CONFIRM |
hcltech — domino | HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user’s person record. | 2022-11-04 | 5.5 | CVE-2022-38654 MISC |
highlight_focus_project — highlight_focus | The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-11-07 | 4.8 | CVE-2022-3462 CONFIRM |
hotelmanager_project — hotelmanager | Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. | 2022-11-04 | 5.4 | CVE-2021-39473 MISC MISC |
huawei — harmonyos | There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-11-09 | 5.9 | CVE-2022-44563 MISC MISC |
huawei — harmonyos | There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. | 2022-11-09 | 4.3 | CVE-2022-44548 MISC MISC |
human_resource_management_system_project — human_resource_management_system | A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2022-11-07 | 6.1 | CVE-2022-43317 MISC |
infotel — tasklists | tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) – Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds. | 2022-11-10 | 6.1 | CVE-2022-39398 CONFIRM MISC |
inhandnetworks — ir302_firmware | A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-11-09 | 6.5 | CVE-2022-26023 MISC CONFIRM |
inhandnetworks — ir302_firmware | A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-11-09 | 6.5 | CVE-2022-29481 CONFIRM MISC |
intelliants — subrion_cms | A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. | 2022-11-09 | 6.1 | CVE-2022-43120 MISC |
intelliants — subrion_cms | A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. | 2022-11-09 | 6.1 | CVE-2022-43121 MISC |
joomla — joomla! | An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | 2022-11-08 | 6.1 | CVE-2022-27914 MISC |
kaden — picoflux_air_water_meter | In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | 2022-11-09 | 6.5 | CVE-2021-34577 MISC |
lenovo — elan_miniport_touchpad_driver | ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | 2022-11-07 | 4.7 | CVE-2021-42205 MISC |
mcafee — data_exchange_layer | Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. | 2022-11-07 | 5.5 | CVE-2022-2188 MISC |
microsoft — .net_framework | .NET Framework Information Disclosure Vulnerability. | 2022-11-09 | 5.8 | CVE-2022-41064 MISC |
microsoft — bitlocker | BitLocker Security Feature Bypass Vulnerability. | 2022-11-09 | 4.6 | CVE-2022-41099 MISC |
microsoft — dynamics_365_business_central | Microsoft Business Central Information Disclosure Vulnerability. | 2022-11-09 | 4.4 | CVE-2022-41066 MISC |
microsoft — microsoft_word | Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103. | 2022-11-09 | 5.5 | CVE-2022-41060 MISC |
microsoft — microsoft_word | Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060. | 2022-11-09 | 5.5 | CVE-2022-41103 MISC |
microsoft — network_policy_server_radius | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. | 2022-11-09 | 6.5 | CVE-2022-41097 MISC |
microsoft — office | Microsoft Excel Information Disclosure Vulnerability. | 2022-11-09 | 5.5 | CVE-2022-41105 MISC |
microsoft — sharepoint_foundation | Microsoft SharePoint Server Spoofing Vulnerability. | 2022-11-09 | 6.5 | CVE-2022-41122 MISC |
microsoft — windows_10 | Windows Hyper-V Denial of Service Vulnerability. | 2022-11-09 | 6.5 | CVE-2022-38015 MISC |
microsoft — windows_server_2008 | Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992. | 2022-11-09 | 6.4 | CVE-2022-41086 MISC |
microsoft — windows_server_2019 | Windows Human Interface Device Information Disclosure Vulnerability. | 2022-11-09 | 5.5 | CVE-2022-41055 MISC |
net-snmp — net-snmp | handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 2022-11-07 | 6.5 | CVE-2022-44792 MISC MISC |
net-snmp — net-snmp | handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 2022-11-07 | 6.5 | CVE-2022-44793 MISC MISC |
objectfirst — object_first | An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. | 2022-11-07 | 6.5 | CVE-2022-44795 MISC |
openzeppelin — contracts | OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization. | 2022-11-04 | 5.6 | CVE-2022-39384 MISC CONFIRM |
paloaltonetworks — cortex_xsoar | A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. | 2022-11-09 | 6.7 | CVE-2022-0031 MISC |
perfexcrm — perfex_crm | perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. | 2022-11-08 | 5.4 | CVE-2021-40303 MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. | 2022-11-08 | 5.5 | CVE-2022-44312 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. | 2022-11-08 | 5.5 | CVE-2022-44313 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. | 2022-11-08 | 5.5 | CVE-2022-44314 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. | 2022-11-08 | 5.5 | CVE-2022-44315 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. | 2022-11-08 | 5.5 | CVE-2022-44316 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. | 2022-11-08 | 5.5 | CVE-2022-44317 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall. | 2022-11-08 | 5.5 | CVE-2022-44318 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall. | 2022-11-08 | 5.5 | CVE-2022-44319 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. | 2022-11-08 | 5.5 | CVE-2022-44320 MISC MISC |
picoc_project — picoc | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. | 2022-11-08 | 5.5 | CVE-2022-44321 MISC MISC |
powercom_co_ltd — upsmon_pro | UPSMON PRO has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files. | 2022-11-10 | 6.5 | CVE-2022-38120 MISC |
powercom_co_ltd — upsmon_pro | UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users’ and administrators’ account names and passwords via this unprotected configuration file. | 2022-11-10 | 6.5 | CVE-2022-38121 MISC |
rymera — advanced_coupons | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. | 2022-11-08 | 4.3 | CVE-2022-43481 CONFIRM CONFIRM |
samsung — editor_lite | Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. | 2022-11-09 | 5.5 | CVE-2022-39891 MISC |
sandhillsdev — easy_digital_downloads | The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | 2022-11-07 | 4.3 | CVE-2022-2387 CONFIRM |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | 2022-11-07 | 6.5 | CVE-2022-43351 MISC |
sap — biller_direct | SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsanitized parameter to redirect the victim to a malicious site of the attacker’s choosing which can result in disclosure or modification of the victim’s information. | 2022-11-08 | 6.1 | CVE-2022-41207 MISC MISC |
sap — financial_consolidation | Due to insufficient input validation, SAP Financial Consolidation – version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application. | 2022-11-08 | 6.5 | CVE-2022-41258 MISC MISC |
sap — financial_consolidation | SAP Financial Consolidation – version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2022-11-08 | 6.1 | CVE-2022-41260 MISC MISC |
sap — financial_consolidation | Due to insufficient input validation, SAP Financial Consolidation – version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. | 2022-11-08 | 5.4 | CVE-2022-41208 MISC MISC |
sap — gui | SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. | 2022-11-08 | 6.1 | CVE-2022-41205 MISC MISC |
sap — netweaver_application_server_abap | Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application. | 2022-11-08 | 6.5 | CVE-2022-41214 MISC MISC |
sap — netweaver_application_server_abap | Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. | 2022-11-08 | 4.9 | CVE-2022-41212 MISC MISC |
sap — netweaver_application_server_abap | SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | 2022-11-08 | 4.7 | CVE-2022-41215 MISC MISC |
sap — sql_anywhere | SAP SQL Anywhere – version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | 2022-11-08 | 6.5 | CVE-2022-41259 MISC MISC |
searchwp — searchwp | Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | 2022-11-08 | 4.3 | CVE-2022-40223 CONFIRM CONFIRM |
shopwind — shopwind | Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | 2022-11-09 | 6.1 | CVE-2022-43321 MISC MISC |
simple_video_embedder_project — simple_video_embedder | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao’s Simple Video Embedder plugin <= 2.2 on WordPress. | 2022-11-09 | 5.4 | CVE-2022-44590 CONFIRM CONFIRM |
splunk — splunk | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. | 2022-11-04 | 6.5 | CVE-2022-43564 MISC |
splunk — splunk | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. | 2022-11-04 | 6.5 | CVE-2022-43570 MISC |
splunk — splunk | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | 2022-11-04 | 6.5 | CVE-2022-43572 MISC |
splunk — splunk | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. | 2022-11-04 | 6.1 | CVE-2022-43568 MISC MISC |
splunk — splunk | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. | 2022-11-04 | 5.4 | CVE-2022-43562 MISC |
splunk — splunk | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. | 2022-11-04 | 5.4 | CVE-2022-43569 MISC MISC |
stiltsoft — handy_macros_for_confluence | The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | 2022-11-04 | 5.4 | CVE-2022-44724 MISC |
systemd_project — systemd | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | 2022-11-08 | 5.5 | CVE-2022-3821 MISC MISC MISC MISC |
vmware — workspace_one_assist | VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window. | 2022-11-09 | 6.1 | CVE-2022-31688 MISC |
watchdog — anti-virus | Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. | 2022-11-04 | 6.5 | CVE-2022-38582 MISC |
webartesanal — mantenimiento_web | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. | 2022-11-08 | 4.8 | CVE-2022-41980 CONFIRM CONFIRM |
weberge — wp_hide | The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request | 2022-11-07 | 5.3 | CVE-2022-3489 CONFIRM |
windows — gdi+ | Windows GDI+ Information Disclosure Vulnerability. | 2022-11-09 | 5.5 | CVE-2022-41098 MISC |
windows — mark_of_the_web_security_feature | Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091. | 2022-11-09 | 5.4 | CVE-2022-41049 MISC |
windows — mark_of_the_web_security_feature | Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049. | 2022-11-09 | 5.4 | CVE-2022-41091 MISC |
windows — point-to-point_tunneling_protocol | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116. | 2022-11-09 | 5.9 | CVE-2022-41090 MISC |
windows — point-to-point_tunneling_protocol | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090. | 2022-11-09 | 5.9 | CVE-2022-41116 MISC |
windows_and_linux — nvidia_gpu_display_driver | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 2022-11-10 | 6.5 | CVE-2022-34666 MISC |
wpadvancedads — advanced_ads_-_ad_manager_&_adsense | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. | 2022-11-08 | 4.8 | CVE-2022-32776 CONFIRM CONFIRM |
zkteco — biotime | ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | 2022-11-08 | 5.3 | CVE-2022-30515 MISC MISC |
zohocorp — zoho_crm_lead_magnet | Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | 2022-11-09 | 6.5 | CVE-2022-41978 CONFIRM CONFIRM |
zte — zaip-aie | There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. | 2022-11-08 | 5.3 | CVE-2022-39069 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
f-secure — safe | WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 2 of 5). | 2022-11-07 | 3.5 | CVE-2022-38163 MISC MISC |
google — android | In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11; Android ID: A-229793943 | 2022-11-08 | 3.3 | CVE-2022-20446 MISC |
google — android | In factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-231985227 | 2022-11-08 | 3.3 | CVE-2022-20463 MISC |
google — android | Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | 2022-11-09 | 3.3 | CVE-2022-39879 MISC |
google — android | Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access Call information. | 2022-11-09 | 3.3 | CVE-2022-39884 MISC |
google — android | Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | 2022-11-09 | 3.3 | CVE-2022-39885 MISC |
google — android | Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | 2022-11-09 | 3.3 | CVE-2022-39886 MISC |
google — android | Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. | 2022-11-09 | 3.3 | CVE-2022-39887 MISC |
samsung — galaxy_buds_pro_manage | Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | 2022-11-09 | 3.3 | CVE-2022-39893 MISC |
samsung — galaxywatch4plugin | Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. | 2022-11-09 | 3.3 | CVE-2022-39889 MISC |
siemens — simatic_wincc_runtime | A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | 2022-11-08 | 3.5 | CVE-2022-30694 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
agentflow — bpm_enterprise_management_system | Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service. | 2022-11-10 | not yet calculated | CVE-2022-39038 MISC MISC |
amd — link_android | Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | 2022-11-09 | not yet calculated | CVE-2022-27673 MISC |
amd — multiple_products | Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 2022-11-09 | not yet calculated | CVE-2020-12930 MISC |
amd — multiple_products | Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 2022-11-09 | not yet calculated | CVE-2020-12931 MISC |
amd — multiple_products | An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. | 2022-11-09 | not yet calculated | CVE-2021-26360 MISC |
amd — multiple_products | Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | 2022-11-09 | not yet calculated | CVE-2021-26391 MISC |
amd — multiple_products | Insufficient verification of missing size check in ‘LoadModule’ may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 2022-11-09 | not yet calculated | CVE-2021-26392 MISC |
amd — multiple_products | Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. | 2022-11-09 | not yet calculated | CVE-2021-26393 MISC |
amd — processors | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | 2022-11-09 | not yet calculated | CVE-2022-23824 MISC MLIST |
amd — μProf | Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | 2022-11-09 | not yet calculated | CVE-2022-23831 MISC |
amd — μProf | Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | 2022-11-09 | not yet calculated | CVE-2022-27674 MISC |
arches — arches | Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it’s possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. | 2022-11-11 | not yet calculated | CVE-2022-41892 CONFIRM |
ayacms — ayacms | AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-10 | not yet calculated | CVE-2022-43074 MISC |
bmc_remedy — bmc_remedy | An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the “number of recipients” field. NOTE: the vendor’s position is that “no real impact is demonstrated.” | 2022-11-10 | not yet calculated | CVE-2022-26088 MISC |
btcd — btcd | btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. | 2022-11-07 | not yet calculated | CVE-2022-44797 MISC MISC MISC MISC |
cbrn-analysis — cbrn-analysis | CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. | 2022-11-12 | not yet calculated | CVE-2022-45193 MISC |
cbrn-analysis — cbrn-analysis | CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | 2022-11-12 | not yet calculated | CVE-2022-45194 MISC |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels. However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the “develop” branch of Contiki-NG, and will be included in release 4.9. As a workaround, users can apply the patch in Contiki-NG pull request 2081 on GitHub. | 2022-11-11 | not yet calculated | CVE-2022-41873 CONFIRM MISC |
deeplearning4j — deeplearning4j | Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely to affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here. | 2022-11-10 | not yet calculated | CVE-2022-36022 CONFIRM MISC |
dotcms — dotcms | dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS’s path-based XSS prevention (such as “require login” filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS. | 2022-11-10 | not yet calculated | CVE-2022-35740 MISC MISC |
drogon — drogon | A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464. | 2022-11-11 | not yet calculated | CVE-2022-3959 N/A N/A N/A N/A |
eclipse — californium | Eclipse Californium is a Java implementation of RFC7252 – Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don’t cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f | 2022-11-10 | not yet calculated | CVE-2022-39368 CONFIRM MISC MISC |
element_ios — element_ios | Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. | 2022-11-11 | not yet calculated | CVE-2022-41904 MISC CONFIRM |
eolinker — goku_lite | A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3947 N/A N/A N/A |
eolinker — goku_lite | A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3948 N/A N/A N/A |
espcms — espcms | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. | 2022-11-10 | not yet calculated | CVE-2022-44087 MISC MISC |
espcms — espcms | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. | 2022-11-10 | not yet calculated | CVE-2022-44088 MISC MISC |
espcms — espcms | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. | 2022-11-10 | not yet calculated | CVE-2022-44089 MISC MISC |
etic_telecom — remote_access_server | All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. | 2022-11-10 | not yet calculated | CVE-2022-3703 MISC |
etic_telecom — remote_access_server | All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. | 2022-11-10 | not yet calculated | CVE-2022-40981 MISC |
etic_telecom — remote_access_server | All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. | 2022-11-10 | not yet calculated | CVE-2022-41607 MISC |
exiv2 — exiv2 | A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459. | 2022-11-11 | not yet calculated | CVE-2022-3953 N/A N/A N/A |
fortbridge — plesk_obsidian | Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names (“Obsidian”), not numbers. | 2022-11-10 | not yet calculated | CVE-2022-45130 MISC |
foru — cms | A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3943 N/A N/A |
foxit — foxit_reader | An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | 2022-11-09 | not yet calculated | CVE-2022-43310 MISC MISC MISC |
gnuboard5 — gnuboard5 | A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. | 2022-11-12 | not yet calculated | CVE-2022-3963 N/A N/A |
go — vela | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker’s `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed. | 2022-11-10 | not yet calculated | CVE-2022-39395 MISC MISC MISC MISC MISC CONFIRM MISC MISC MISC MISC |
gpac — gpac | A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. | 2022-11-11 | not yet calculated | CVE-2022-3957 N/A N/A |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds. | 2022-11-09 | not yet calculated | CVE-2022-39306 CONFIRM |
graphql — graphql | ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the “passwordHash” entry from “src/bundle/Resources/config/graphql/User.types.yaml” in the GraphQL package, and other properties like hash type, email, login if you prefer. | 2022-11-10 | not yet calculated | CVE-2022-41876 CONFIRM |
hashicorp — nomad_enterprise | HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2. | 2022-11-10 | not yet calculated | CVE-2022-3866 MISC |
hashicorp — nomad_enterprise | HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2. | 2022-11-10 | not yet calculated | CVE-2022-3867 MISC |
huawei — harmonyos | The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | 2022-11-09 | not yet calculated | CVE-2022-44551 MISC MISC |
huawei — harmonyos | The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. | 2022-11-09 | not yet calculated | CVE-2022-44552 MISC MISC |
huawei — harmonyos | The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. | 2022-11-09 | not yet calculated | CVE-2022-44553 MISC MISC |
huawei — harmonyos | The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. | 2022-11-09 | not yet calculated | CVE-2022-44554 MISC MISC |
huawei — harmonyos | The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. | 2022-11-09 | not yet calculated | CVE-2022-44555 MISC MISC |
huawei — harmonyos | The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-11-09 | not yet calculated | CVE-2022-44557 MISC MISC |
huawei — harmonyos | The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. | 2022-11-09 | not yet calculated | CVE-2022-44558 MISC MISC |
huawei — harmonyos | The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. | 2022-11-09 | not yet calculated | CVE-2022-44559 MISC MISC |
huawei — harmonyos | The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. | 2022-11-09 | not yet calculated | CVE-2022-44560 MISC MISC |
huawei — harmonyos | The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. | 2022-11-09 | not yet calculated | CVE-2022-44561 MISC MISC |
hyperledger — hyperledger_fabric | Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. | 2022-11-12 | not yet calculated | CVE-2022-45196 MISC MISC |
ibm — cloud_pak_for_security | IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. | 2022-11-11 | not yet calculated | CVE-2022-36776 MISC MISC |
ibm — cloud_pak_for_security | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. | 2022-11-11 | not yet calculated | CVE-2022-38387 MISC MISC |
ibm — multiple_products | IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. | 2022-11-11 | not yet calculated | CVE-2022-31772 MISC MISC |
ibm — powervm_hypervisor | After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. | 2022-11-11 | not yet calculated | CVE-2022-34331 MISC MISC |
ibm — websphere_application_server | IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. | 2022-11-11 | not yet calculated | CVE-2022-40750 MISC MISC |
inhand_networks — inrouter302 | The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability. | 2022-11-09 | not yet calculated | CVE-2022-25932 MISC CONFIRM |
intel — advanced_link_analyzer_pro | Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-27638 MISC |
intel — amt | Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2021-33159 MISC |
intel — amt | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | not yet calculated | CVE-2022-26845 MISC |
intel — amt | Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. | 2022-11-11 | not yet calculated | CVE-2022-27497 MISC |
intel — amt | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | not yet calculated | CVE-2022-29893 MISC |
intel — dcm | Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | not yet calculated | CVE-2022-33942 MISC |
intel — distribution_of_openvino_toolkit | Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. | 2022-11-11 | not yet calculated | CVE-2021-26251 MISC |
intel — ema | Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-30297 MISC |
intel — glorp | Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-30548 MISC |
intel — hyperscan_library | Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | not yet calculated | CVE-2022-29486 MISC |
intel — multiple_products | Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-21794 MISC |
intel — multiple_products | Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-26024 MISC |
intel — multiple_products | Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-26124 MISC |
intel — multiple_products | Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2022-11-11 | not yet calculated | CVE-2022-26341 MISC |
intel — multiple_products | Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-33176 MISC |
intel — multiple_products | Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-34152 MISC |
intel — multiple_products | Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. | 2022-11-11 | not yet calculated | CVE-2022-36349 MISC |
intel — multiple_products | Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-36370 MISC |
intel — multiple_products | Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-36789 MISC |
intel — multiple_products | Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-37334 MISC |
intel — nuc | Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-35276 MISC |
intel — nuc_11_compute_elements | Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-38099 MISC |
intel — nuc_kit_wireless_adapter | Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-36377 MISC |
intel — nuc_kit_wireless_adapter | Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-36380 MISC |
intel — nuc_kit_wireless_adapter | Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-36384 MISC |
intel — nuc_kit_wireless_adapter | Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-36400 MISC |
intel — nuc_kits | Improper authentication in BIOS firmware for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-37345 MISC |
intel — nuc_m15_laptop_kits | Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-32569 MISC |
intel — nucs | Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2021-33164 MISC |
intel — presentmon | Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-26086 MISC |
intel — processors | Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-21198 MISC |
intel — processors | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-26006 MISC |
intel — proset/wireless_wifi | Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-11-11 | not yet calculated | CVE-2022-28667 MISC |
intel — quartus_prime_pro | XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | 2022-11-11 | not yet calculated | CVE-2022-27233 MISC |
intel — quartus_prime_standard | Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-27187 MISC |
intel — sdp_tool | Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2022-11-11 | not yet calculated | CVE-2022-26508 MISC |
intel — server_board_m10jnp_family | Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-11-10 | not yet calculated | CVE-2021-0185 MISC |
intel — server_board_m50cyp_family | Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. | 2022-11-11 | not yet calculated | CVE-2022-25917 MISC |
intel — server_systems | Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-30542 MISC |
intel — sgx_sdk | Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | 2022-11-11 | not yet calculated | CVE-2022-27499 MISC |
intel — sps | Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. | 2022-11-11 | not yet calculated | CVE-2022-29466 MISC |
intel — sps_chipsets | Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. | 2022-11-11 | not yet calculated | CVE-2022-29515 MISC |
intel — support_android_application | Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. | 2022-11-11 | not yet calculated | CVE-2022-30691 MISC |
intel — support_android_application | Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. | 2022-11-11 | not yet calculated | CVE-2022-36367 MISC |
intel — system_studio | Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2021-33064 MISC |
intel — vtune_profiler | Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-26028 MISC |
intel — wapi | Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-11-11 | not yet calculated | CVE-2022-33973 MISC |
intel — xmm_7560_modem | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-11-11 | not yet calculated | CVE-2022-26045 MISC |
intel — xmm_7560_modem | Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-26079 MISC |
intel — xmm_7560_modem | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-26367 MISC |
intel — xmm_7560_modem | Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | not yet calculated | CVE-2022-26369 MISC |
intel — xmm_7560_modem | Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | not yet calculated | CVE-2022-26513 MISC |
intel — xmm_7560_modem | Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 2022-11-11 | not yet calculated | CVE-2022-27639 MISC |
intel — xmm_7560_modem | Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-11-11 | not yet calculated | CVE-2022-27874 MISC |
intel — xmm_7560_modem | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-11-11 | not yet calculated | CVE-2022-28126 MISC |
intel — xmm_7560_modem | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-11-11 | not yet calculated | CVE-2022-28611 MISC |
intel — multiple_products | Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via local access. | 2022-11-11 | not yet calculated | CVE-2022-26047 MISC |
istio — istio | Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds. | 2022-11-10 | not yet calculated | CVE-2022-39388 CONFIRM MISC MISC MISC |
jerryhanjj — erp | A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. | 2022-11-11 | not yet calculated | CVE-2022-3944 N/A N/A |
kareadita — kavita | Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. | 2022-11-11 | not yet calculated | CVE-2022-3945 CONFIRM MISC |
lanyulei — ferry | A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3939 N/A |
lanyulei — ferry | A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. | 2022-11-11 | not yet calculated | CVE-2022-3940 N/A |
lin-cms — lin-cms | An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | 2022-11-09 | not yet calculated | CVE-2022-44244 MISC MISC |
manageengine — mobile_device_manager_plus | In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. | 2022-11-12 | not yet calculated | CVE-2022-41339 MISC |
manageengine — multiple_products | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. | 2022-11-12 | not yet calculated | CVE-2022-43671 MISC |
manageengine — multiple_products | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). | 2022-11-12 | not yet calculated | CVE-2022-43672 MISC |
manageengine — servicedesk_plus_msp | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | 2022-11-12 | not yet calculated | CVE-2022-40773 MISC MISC |
mitsubishi_electric — multiple_products | Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric’s advisory which is listed in [References] section. | 2022-11-08 | not yet calculated | CVE-2022-33321 MISC MISC |
mitsubishi_electric — multiple_products | Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute a malicious script on a user’s browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric’s advisory which is listed in [References] section. | 2022-11-08 | not yet calculated | CVE-2022-33322 MISC MISC |
mm-wki — mm-wki | mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). | 2022-11-10 | not yet calculated | CVE-2021-40289 MISC |
netatalk — netatalk | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | 2022-11-12 | not yet calculated | CVE-2022-45188 MISC MISC MISC MISC |
nextcloud — desktop_client | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. “vbs”, is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused. | 2022-11-11 | not yet calculated | CVE-2022-41882 MISC CONFIRM MISC MISC |
novell_products — multiple_products | An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. | 2022-11-10 | not yet calculated | CVE-2022-43753 CONFIRM |
novell_products — multiple_products | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. | 2022-11-10 | not yet calculated | CVE-2022-43754 CONFIRM |
opensearch — opensearch_notifications | OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin’s intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. | 2022-11-11 | not yet calculated | CVE-2022-41906 MISC CONFIRM MISC |
owncloud — server | The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. | 2022-11-10 | not yet calculated | CVE-2022-43679 MISC |
parse_server — parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature. | 2022-11-10 | not yet calculated | CVE-2022-41878 CONFIRM |
parse_server — parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds. | 2022-11-10 | not yet calculated | CVE-2022-41879 CONFIRM |
payara — payara | Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. | 2022-11-10 | not yet calculated | CVE-2022-45129 MISC MISC MISC MISC MISC |
pi-star — pi-star_dv_dash | Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. | 2022-11-11 | not yet calculated | CVE-2022-45182 MISC MISC MISC MISC MISC |
portofino — manydesigns | A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3952 N/A N/A N/A N/A |
prestashop — eu_cookie_law_gdpr_module | The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). | 2022-11-10 | not yet calculated | CVE-2022-44727 MISC MISC MISC |
redex — redex | DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. | 2022-11-11 | not yet calculated | CVE-2022-36938 MISC |
sandisk — multiple_products | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. | 2022-11-09 | not yet calculated | CVE-2022-29836 MISC |
sanluan — publiccms | A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. | 2022-11-11 | not yet calculated | CVE-2022-3950 N/A N/A |
simplex — simplexmq | SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. | 2022-11-12 | not yet calculated | CVE-2022-45195 MISC MISC MISC MISC |
snakeyaml — snakeyaml | Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 2022-11-11 | not yet calculated | CVE-2022-41854 CONFIRM |
sourcecodester — sanitization_management_system | A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3942 N/A |
sourcecodester — simple_cashiering_system | A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. | 2022-11-11 | not yet calculated | CVE-2022-3949 N/A |
suse — multiple_products | An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. | 2022-11-10 | not yet calculated | CVE-2022-31255 CONFIRM |
sysstat — sa_common.c | sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | 2022-11-08 | not yet calculated | CVE-2022-39377 CONFIRM |
tauri — tauri | Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json. | 2022-11-10 | not yet calculated | CVE-2022-41874 CONFIRM |
tholum — crm42 | A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3955 N/A N/A |
tsruban — hhims | A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. | 2022-11-11 | not yet calculated | CVE-2022-3956 N/A N/A |
unmarshal — unmarshal | Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. | 2022-11-10 | not yet calculated | CVE-2022-41719 MISC MISC MISC |
wasmtime — webassembly | Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime’s default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator’s configuration would not create an appropriate virtual memory mapping for this, meaning out-of-bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. This bug is not applicable with the default settings of the `wasmtime` crate. This bug can only be triggered by setting `InstanceLimits::memory_pages` to zero. This is expected to be a very rare configuration since this means that wasm modules cannot allocate any pages of linear memory. All wasm modules produced by all current toolchains are highly likely to use linear memory, so it’s expected to be unlikely that this configuration is set to zero by any production embedding of Wasmtime. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by increasing the `memory_pages` allotment when configuring the pooling allocator to a value greater than zero. If an embedding wishes to still prevent memory from actually being used then the `Store::limiter` method can be used to dynamically disallow growth of memory beyond 0 bytes large. Note that the default `memory_pages` value is greater than zero. | 2022-11-10 | not yet calculated | CVE-2022-39392 CONFIRM MISC |
wasmtime — webassembly | Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s implementation of its pooling instance allocator where, when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be visible, erroneously, to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. | 2022-11-10 | not yet calculated | CVE-2022-39393 MISC CONFIRM |
wasmtime — webassembly | Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer cast to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue; only users of the C API function `wasmtime_trap_code` are affected. | 2022-11-10 | not yet calculated | CVE-2022-39394 CONFIRM MISC |
wiesemann_&_theis — comserver | Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. An unauthenticated remote attacker can brute force the session ID and get access to an account on the device. | 2022-11-10 | not yet calculated | CVE-2022-42787 MISC |
wordpress — wordpress | A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | 2022-11-11 | not yet calculated | CVE-2022-3941 N/A N/A N/A |
wordpress — wordpress | Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | 2022-11-10 | not yet calculated | CVE-2022-42460 CONFIRM CONFIRM |
wsgidav — wsgidav | WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched; users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. | 2022-11-11 | not yet calculated | CVE-2022-41905 MISC CONFIRM |
xpdfreader — xpdfreader | xpdfreader 4.03 is vulnerable to Buffer Overflow. | 2022-11-10 | not yet calculated | CVE-2021-40226 MISC |
xterm — xterm | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. | 2022-11-10 | not yet calculated | CVE-2022-45063 MISC MISC MISC MLIST MLIST |
This product is provided subject to this Notification and this Privacy & Use policy.