US-CERT Bulletin (SB22-290):Vulnerability Summary for the Week of October 10, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-42339
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38450
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38420
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38422
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42340
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42341
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35710
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35711
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35712
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. 2022-10-14 9.8 CVE-2022-38418
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38421
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38424
MISC
adobe — commerce Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. 2022-10-14 10 CVE-2022-35698
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38440
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38442
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38446
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38441
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38447
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38448
MISC
apache — shiro Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. 2022-10-12 9.8 CVE-2022-40664
CONFIRM
MLIST
MLIST
MLIST
arraynetworks — arrayos_ag Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. 2022-10-13 9.8 CVE-2022-42897
MISC
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37885
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37886
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37887
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37889
MISC
arubanetworks — instant Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37890
MISC
arubanetworks — instant Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37891
MISC
arubanetworks — instant An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 7.8 CVE-2022-37893
MISC
autodesk — revit A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40162
MISC
autodesk — revit A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. 2022-10-07 7.8 CVE-2021-40163
MISC
autodesk — revit A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40164
MISC
autodesk — revit A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40165
MISC
autodesk — revit A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40166
MISC
bentley — microstation Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. 2022-10-13 7.8 CVE-2022-42899
MISC
bentley — microstation Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. 2022-10-13 7.8 CVE-2022-42900
MISC
bentley — microstation Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. 2022-10-13 7.8 CVE-2022-42901
MISC
boodskap — iot_platform Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. 2022-10-13 8.8 CVE-2022-35135
MISC
browserify-shim_project — browserify-shim Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. 2022-10-11 9.8 CVE-2022-37617
MISC
MISC
MISC
cassianetworks — access_controller An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1. 2022-10-14 7.5 CVE-2021-22685
CONFIRM
CONFIRM
church_management_system_project — church_management_system An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-12 7.2 CVE-2022-41406
MISC
cisco — ios A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload. 2022-10-10 7.7 CVE-2022-20920
CISCO
cisco — ios_xe A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic. 2022-10-10 8.6 CVE-2022-20837
CISCO
cisco — ios_xe A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-10-10 8.6 CVE-2022-20870
CISCO
cisco — ios_xe A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition. 2022-10-10 7.4 CVE-2022-20915
CISCO
clippercms — clippercms ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. 2022-10-13 9.8 CVE-2022-41495
MISC
clippercms — clippercms ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. 2022-10-13 9.8 CVE-2022-41497
MISC
dedecms — dedecms DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. 2022-10-12 7.2 CVE-2022-40921
MISC
dell — alienware_area-51_r5_firmware Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-34390
MISC
dell — alienware_area-51_r5_firmware Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-34391
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32485
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32487
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32488
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32489
MISC
dell — alienware_area_51m_r1_firmware Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. 2022-10-12 7.8 CVE-2022-32491
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32493
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-11 8.8 CVE-2022-32486
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-11 8.8 CVE-2022-32492
MISC
dell — container_storage_modules Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory. 2022-10-11 8.8 CVE-2022-34426
MISC
dell — container_storage_modules Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution. 2022-10-11 8.8 CVE-2022-34427
MISC
dell — enterprise_sonic_distribution Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. 2022-10-10 7.5 CVE-2022-34425
MISC
dell — geodrive Dell GeoDrive, versions 2.1 – 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information. 2022-10-12 7.8 CVE-2022-33919
MISC
dell — geodrive Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. 2022-10-12 7.8 CVE-2022-33920
MISC
dell — geodrive Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. 2022-10-12 7.8 CVE-2022-33921
MISC
dell — geodrive Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. 2022-10-12 7.8 CVE-2022-33922
MISC
dell — geodrive Dell GeoDrive, Versions 1.0 – 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM. 2022-10-12 7.1 CVE-2022-33937
MISC
dell — hybrid_client Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. 2022-10-11 8.2 CVE-2022-34432
MISC
dell — hybrid_client Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 2022-10-11 7.5 CVE-2022-34430
MISC
dell — xtremio_management_server Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. 2022-10-12 9.8 CVE-2022-31228
MISC
democritus — d8s-algorithms The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42040
MISC
MISC
MISC
democritus — d8s-archives The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41383
MISC
MISC
MISC
democritus — d8s-asns The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42037
MISC
MISC
MISC
democritus — d8s-asns The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42044
MISC
MISC
MISC
democritus — d8s-domains The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41384
MISC
MISC
MISC
democritus — d8s-file-system The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42041
MISC
MISC
MISC
democritus — d8s-html The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41385
MISC
MISC
MISC
democritus — d8s-ip-addresses The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42038
MISC
MISC
MISC
democritus — d8s-json The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41382
MISC
MISC
MISC
democritus — d8s-lists The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42039
MISC
MISC
MISC
democritus — d8s-networking The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42042
MISC
MISC
MISC
democritus — d8s-pdfs The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41387
MISC
MISC
MISC
democritus — d8s-urls The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42036
MISC
MISC
MISC
democritus — d8s-utility The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41381
MISC
MISC
MISC
democritus — d8s-utility The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41386
MISC
MISC
MISC
democritus — d8s-xml The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42043
MISC
MISC
MISC
democritus — d8s-yaml The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41380
MISC
MISC
MISC
django-mfa2_project — django-mfa2 mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage. 2022-10-11 7.5 CVE-2022-42731
MISC
MISC
MISC
dolibarr — dolibarr_erp\/crm Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval. 2022-10-12 9.8 CVE-2022-40871
MISC
dotpdn — paint.net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). 2022-10-12 9.8 CVE-2018-18446
MISC
MISC
MISC
dotpdn — paint.net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). 2022-10-12 9.8 CVE-2018-18447
MISC
MISC
MISC
dropbear_ssh_project — dropbear_ssh An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. 2022-10-12 7.5 CVE-2021-36369
MISC
MISC
MISC
f-secure — elements_endpoint_protection Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. 2022-10-12 7.5 CVE-2022-28887
MISC
MISC
facebook — hermes An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2022-10-11 9.8 CVE-2022-32234
CONFIRM
CONFIRM
facebook — hermes A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2022-10-11 9.8 CVE-2022-35289
CONFIRM
CONFIRM
facebook — hermes An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. 2022-10-11 9.8 CVE-2022-40138
CONFIRM
CONFIRM
fastify — fastify fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers. 2022-10-10 7.5 CVE-2022-39288
CONFIRM
MISC
MISC
foresightsports — gc3_launch_monitor_firmware Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. 2022-10-13 8 CVE-2022-40187
MISC
MISC
MISC
MISC
fortinet — fortios A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. 2022-10-10 8 CVE-2021-44171
CONFIRM
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. 2022-10-12 7.5 CVE-2022-39282
MISC
CONFIRM
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. 2022-10-12 7.5 CVE-2022-39283
MISC
CONFIRM
gh-pages_project — gh-pages Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. 2022-10-12 9.8 CVE-2022-37611
MISC
MISC
MISC
gogs — gogs
&#xA0;
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. 2022-10-11 9 CVE-2022-32174
MISC
MISC
google — android In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473 2022-10-11 8.8 CVE-2022-20429
MISC
google — android In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345178 2022-10-14 7.8 CVE-2021-0699
MISC
google — android In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345085 2022-10-11 7.8 CVE-2021-0951
MISC
google — android In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223086933References: N/A 2022-10-14 7.8 CVE-2022-20397
MISC
google — android In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231322873 2022-10-11 7.8 CVE-2022-20415
MISC
google — android In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237717857 2022-10-11 7.8 CVE-2022-20416
MISC
google — android In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237288416 2022-10-11 7.8 CVE-2022-20417
MISC
google — android In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-237290578 2022-10-11 7.8 CVE-2022-20419
MISC
google — android In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238377411 2022-10-11 7.8 CVE-2022-20420
MISC
google — android In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel 2022-10-11 7.8 CVE-2022-20421
MISC
google — android There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221233 2022-10-11 7.8 CVE-2022-20430
MISC
google — android There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221238 2022-10-11 7.8 CVE-2022-20431
MISC
google — android There is an missing authorization issue in the system service. Since the component does not have permission check and permission protection,, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221899 2022-10-11 7.8 CVE-2022-20432
MISC
google — android There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221901 2022-10-11 7.8 CVE-2022-20433
MISC
google — android There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242244028 2022-10-11 7.8 CVE-2022-20434
MISC
google — android There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367 2022-10-11 7.8 CVE-2022-20435
MISC
google — android There is an unauthorized service in the system service. Since the component does not have permission check, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369 2022-10-11 7.8 CVE-2022-20436
MISC
google — android In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121. 2022-10-07 7.8 CVE-2022-26471
MISC
google — android In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. 2022-10-07 7.8 CVE-2022-26472
MISC
google — android A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. 2022-10-07 7.8 CVE-2022-39852
MISC
google — android A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. 2022-10-07 7.8 CVE-2022-39853
MISC
google — android In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-205570663 2022-10-11 7.5 CVE-2022-20410
MISC
google — android In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-231986464 2022-10-11 7.5 CVE-2022-20418
MISC
google — android In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600. 2022-10-07 7.5 CVE-2022-32589
MISC
google — android In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. 2022-10-07 7.5 CVE-2022-32591
MISC
google — android In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778 2022-10-11 7 CVE-2021-0696
MISC
google — android In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel 2022-10-11 7 CVE-2022-20422
MISC
google — protobuf-java A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. 2022-10-12 7.5 CVE-2022-3171
CONFIRM
gradle — enterprise An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. 2022-10-07 7.5 CVE-2022-41574
MISC
MISC
grafana — grafana Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. 2022-10-13 7.8 CVE-2022-31123
CONFIRM
MISC
grafana — grafana Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user’s Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. 2022-10-13 7.5 CVE-2022-31130
CONFIRM
MISC
MISC
MISC
grunt-karma_project — grunt-karma Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. 2022-10-14 9.8 CVE-2022-37602
MISC
MISC
MISC
hancom — hancom_office_2020 A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability. 2022-10-07 7.8 CVE-2022-33896
MISC
hashicorp — packer An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. 2022-10-11 7.8 CVE-2022-42717
MISC
MISC
MISC
huawei — harmonyos The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. 2022-10-14 7.8 CVE-2022-41576
MISC
MISC
huawei — harmonyos The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability. 2022-10-14 7.1 CVE-2022-41577
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. 2022-10-12 9.8 CVE-2022-3458
N/A
human_resource_management_system_project — human_resource_management_system A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772. 2022-10-13 8.8 CVE-2022-3492
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. 2022-10-14 8.8 CVE-2022-3496
MISC
idreamsoft — icms iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. 2022-10-13 9.8 CVE-2022-41496
MISC
ikuai8 — ikuaios iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. 2022-10-12 8.8 CVE-2022-40469
MISC
MISC
MISC
ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. 2022-10-14 9.8 CVE-2022-3439
MISC
CONFIRM
ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. 2022-10-13 9.8 CVE-2022-3456
MISC
CONFIRM
ikus-soft — rdiffweb Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. 2022-10-13 9.8 CVE-2022-3457
MISC
CONFIRM
ini4j_project — ini4j An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-10-11 7.5 CVE-2022-41404
MISC
interspire — email_marketer Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php “create survey and submit survey” operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. 2022-10-11 8.8 CVE-2022-40777
MISC
MISC
isc — dhcp In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option’s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. 2022-10-07 7.5 CVE-2022-2928
CONFIRM
MLIST
FEDORA
jflyfox — jfinal_cms JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. 2022-10-13 8.8 CVE-2022-37208
MISC
MISC
jiusi — jiusi_oa A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability. 2022-10-12 9.8 CVE-2022-3467
MISC
MISC
js-beautify_project — js-beautify Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. 2022-10-11 9.8 CVE-2022-37609
MISC
MISC
MISC
linaro — lava In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. 2022-10-13 8.8 CVE-2022-42902
MISC
MISC
linuxmint — warpinator Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. 2022-10-10 7.5 CVE-2022-42725
MISC
MISC
MISC
MISC
mediabridgeproducts — mlwr-ac1200r_firmware A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. 2022-10-12 9.8 CVE-2022-3465
N/A
N/A
melistechnology — melis-asset-manager MelisAssetManager provides deliveries of Melis Platform’s assets located in every module’s public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only. 2022-10-11 7.5 CVE-2022-39296
CONFIRM
MISC
melistechnology — meliscms MelisCms provides a full CMS for Melis Platform, including templating system, drag’n’drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. 2022-10-12 9.8 CVE-2022-39297
MISC
CONFIRM
melistechnology — meliscms MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. 2022-10-12 9.8 CVE-2022-39298
MISC
CONFIRM
merchandise_online_store_project — merchandise_online_store A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. 2022-10-11 8.8 CVE-2022-42238
MISC
mi — xiaomi A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege. 2022-10-11 9.8 CVE-2020-14129
MISC
mi — xiaomi The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. 2022-10-11 9.8 CVE-2020-14131
MISC
microsoft — .net_core NuGet Client Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-41032
MISC
microsoft — azure_rtos_usbx Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a `0` or `1` allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround. 2022-10-10 9.8 CVE-2022-36063
CONFIRM
MISC
MISC
microsoft — azure_stack_edge Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. 2022-10-11 10 CVE-2022-37968
MISC
microsoft — jupyter Visual Studio Code Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-41083
MISC
microsoft — malware_protection_engine Microsoft Windows Defender Elevation of Privilege Vulnerability. 2022-10-11 7.1 CVE-2022-37971
MISC
microsoft — office Microsoft Office Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-38048
MISC
microsoft — office Microsoft Office Graphics Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-38049
MISC
microsoft — office Microsoft Word Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-41031
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41036, CVE-2022-41037, CVE-2022-41038. 2022-10-11 8.8 CVE-2022-38053
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41037, CVE-2022-41038. 2022-10-11 8.8 CVE-2022-41036
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41038. 2022-10-11 8.8 CVE-2022-41037
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41037. 2022-10-11 8.8 CVE-2022-41038
MISC
microsoft — visual_studio_code Visual Studio Code Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-41034
MISC
microsoft — visual_studio_code Visual Studio Code Information Disclosure Vulnerability. 2022-10-11 7.4 CVE-2022-41042
MISC
microsoft — windows_10 Windows Group Policy Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-37975
MISC
microsoft — windows_10 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031. 2022-10-11 8.8 CVE-2022-37982
MISC
microsoft — windows_10 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-38016
MISC
microsoft — windows_10 Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998. 2022-10-11 8.6 CVE-2022-37973
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-22035
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-24504
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-30198
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-33634
MISC
microsoft — windows_10 Windows GDI+ Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-33635
MISC
microsoft — windows_10 Windows Hyper-V Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37979
MISC
microsoft — windows_10 Windows DHCP Client Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37980
MISC
microsoft — windows_10 Windows WLAN Service Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37984
MISC
microsoft — windows_10 Windows Win32k Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37986
MISC
microsoft — windows_10 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37995
MISC
microsoft — windows_10 Windows Resilient File System Elevation of Privilege. 2022-10-11 7.8 CVE-2022-38003
MISC
microsoft — windows_10 Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37973. 2022-10-11 7.7 CVE-2022-37998
MISC
microsoft — windows_10 Windows TCP/IP Driver Denial of Service Vulnerability. 2022-10-11 7.5 CVE-2022-33645
MISC
microsoft — windows_10 Windows CryptoAPI Spoofing Vulnerability. 2022-10-11 7.5 CVE-2022-34689
MISC
microsoft — windows_10 Windows Active Directory Certificate Services Security Feature Bypass. 2022-10-11 7.5 CVE-2022-37978
MISC
microsoft — windows_server_2008 Active Directory Certificate Services Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-37976
MISC
microsoft — windows_server_2008 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982. 2022-10-11 8.8 CVE-2022-38031
MISC
microsoft — windows_server_2008 Windows Workstation Service Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-38034
MISC
microsoft — windows_server_2008 Microsoft ODBC Driver Remote Code Execution Vulnerability. 2022-10-11 8.8 CVE-2022-38040
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-38000
MISC
microsoft — windows_server_2008 Active Directory Domain Services Elevation of Privilege Vulnerability. 2022-10-11 8.1 CVE-2022-38042
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-38047
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047. 2022-10-11 8.1 CVE-2022-41081
MISC
microsoft — windows_server_2008 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989. 2022-10-11 7.8 CVE-2022-37987
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37988
MISC
microsoft — windows_server_2008 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37987. 2022-10-11 7.8 CVE-2022-37989
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37990
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37991
MISC
microsoft — windows_server_2008 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999. 2022-10-11 7.8 CVE-2022-37993
MISC
microsoft — windows_server_2008 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999. 2022-10-11 7.8 CVE-2022-37994
MISC
microsoft — windows_server_2008 Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-38051. 2022-10-11 7.8 CVE-2022-37997
MISC
microsoft — windows_server_2008 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37994. 2022-10-11 7.8 CVE-2022-37999
MISC
microsoft — windows_server_2008 Windows Print Spooler Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-38028
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-38037
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-38038
MISC
microsoft — windows_server_2008 Windows CD-ROM File System Driver Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-38044
MISC
microsoft — windows_server_2008 Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37997. 2022-10-11 7.8 CVE-2022-38051
MISC
microsoft — windows_server_2008 Windows COM+ Event System Service Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-41033
MISC
microsoft — windows_server_2008 Windows Secure Channel Denial of Service Vulnerability. 2022-10-11 7.5 CVE-2022-38041
MISC
microsoft — windows_server_2008 Windows Storage Elevation of Privilege Vulnerability. 2022-10-11 7 CVE-2022-38027
MISC
microsoft — windows_server_2008 Windows ALPC Elevation of Privilege Vulnerability. 2022-10-11 7 CVE-2022-38029
MISC
microsoft — windows_server_2012 Server Service Remote Protocol Elevation of Privilege Vulnerability. 2022-10-11 9.1 CVE-2022-38045
MISC
microsoft — windows_server_2012 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. 2022-10-11 7 CVE-2022-38021
MISC
microsoft — windows_server_2019 Windows DWM Core Library Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37970
MISC
microsoft — windows_server_2019 Microsoft DWM Core Library Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37983
MISC
microsoft — windows_server_2019 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038. 2022-10-11 7.8 CVE-2022-38039
MISC
microsoft — windows_server_2019 Win32k Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-38050
MISC
microsoft — windows_server_2019 Web Account Manager Information Disclosure Vulnerability. 2022-10-11 7.5 CVE-2022-38046
MISC
microsoft — windows_server_2022 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. 2022-10-11 7.5 CVE-2022-38036
MISC
mockery_project — mockery Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. 2022-10-12 9.8 CVE-2022-37614
MISC
MISC
MISC
newsletter_subscribe_\(popup_\+_regular_module\)_project — newsletter_subscribe_\(popup_\+_regular_module\) OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. 2022-10-12 9.8 CVE-2022-41403
MISC
node_saml_project — node_saml node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround. 2022-10-13 8.1 CVE-2022-39300
MISC
CONFIRM
nokia — airframe_bmc_web_gui_r18_firmware Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity). 2022-10-12 8.8 CVE-2022-28866
MISC
MISC
ocomon_project — ocomon OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. 2022-10-13 9.8 CVE-2022-41390
MISC
ocomon_project — ocomon OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. 2022-10-13 9.8 CVE-2022-41391
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. 2022-10-14 9.8 CVE-2022-42064
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-13 7.2 CVE-2022-41533
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-13 7.2 CVE-2022-41534
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. 2022-10-07 7.2 CVE-2022-42073
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. 2022-10-07 7.2 CVE-2022-42074
MISC
online_leave_management_system_project — online_leave_management_system An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-07 7.2 CVE-2022-41379
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. 2022-10-12 9.8 CVE-2022-41408
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. 2022-10-07 7.2 CVE-2022-41377
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. 2022-10-07 7.2 CVE-2022-41378
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. 2022-10-12 7.2 CVE-2022-41407
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. 2022-10-07 7.2 CVE-2022-41514
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. 2022-10-07 7.2 CVE-2022-41515
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. 2022-10-12 7.2 CVE-2022-41530
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. 2022-10-12 7.2 CVE-2022-41532
MISC
openssl — openssl OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5). 2022-10-11 7.5 CVE-2022-3358
CONFIRM
CONFIRM
paloaltonetworks — pan-os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. 2022-10-12 8.1 CVE-2022-0030
MISC
panini — everest_engine Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. 2022-10-07 7.8 CVE-2022-39959
MISC
MISC
passport-saml_project — passport-saml Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround. 2022-10-12 8.1 CVE-2022-39299
CONFIRM
MISC
powerline_gitstatus_project — powerline_gitstatus powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker’s control. NOTE: this is similar to CVE-2022-20001. 2022-10-13 7.8 CVE-2022-42906
MISC
MISC
progress — whatsup_gold In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim’s browser. 2022-10-12 9.6 CVE-2022-42711
MISC
MISC
MISC
puppet — puppetlabs-mysql Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. 2022-10-07 9.8 CVE-2022-3275
MISC
puppet — puppetlabs-mysql Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. 2022-10-07 8.8 CVE-2022-3276
MISC
redirection-for-contact-form7 — redirection_for_contact_form_7 Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe. 2022-10-11 7.5 CVE-2021-36913
CONFIRM
CONFIRM
ree6 — ree6 Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. 2022-10-13 9.8 CVE-2022-39303
MISC
CONFIRM
resiot — iot_platform_and_lorawan_network_server Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts. 2022-10-13 8.8 CVE-2022-34020
MISC
MISC
rpcms — rpcms RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. 2022-10-13 8.8 CVE-2022-41475
MISC
samsung — dynamic_lockscreen Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. 2022-10-07 9.8 CVE-2022-39862
MISC
samsung — smartthings Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. 2022-10-07 7.5 CVE-2022-39864
MISC
samsung — smartthings Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 7.5 CVE-2022-39865
MISC
samsung — smartthings Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 7.5 CVE-2022-39866
MISC
samsung — smartthings Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. 2022-10-07 7.5 CVE-2022-39867
MISC
samsung — smartthings Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 7.5 CVE-2022-39868
MISC
samsung — smartthings Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. 2022-10-07 7.5 CVE-2022-39869
MISC
samsung — smartthings Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. 2022-10-07 7.5 CVE-2022-39870
MISC
samsung — smartthings Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. 2022-10-07 7.5 CVE-2022-39871
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39803
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39804
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39805
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39806
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39808
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41167
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41168
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41170
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41172
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41175
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41177
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41179
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41180
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41184
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41185
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41186
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41187
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41188
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41189
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41190
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41191
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41192
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41193
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41194
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41195
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41196
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41197
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41198
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41199
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41200
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41201
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41202
MISC
MISC
sap — business_objects_business_intelligence_platform Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. 2022-10-11 7.6 CVE-2022-39013
MISC
MISC
sap — commerce An attacker can change the content of an SAP Commerce – versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system. 2022-10-11 8.8 CVE-2022-41204
MISC
MISC
sap — manufacturing_execution SAP Manufacturing Execution – versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. 2022-10-11 7.5 CVE-2022-39802
MISC
MISC
sap — sap_iq SAP SQL Anywhere – version 17.0, and SAP IQ – version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. 2022-10-11 9.8 CVE-2022-35299
MISC
MISC
siemens — 6gk6108-4am00-2ba2_firmware Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. 2022-10-11 8.8 CVE-2022-31765
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-10-11 8.8 CVE-2022-41665
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user’s session after login. 2022-10-11 8.1 CVE-2022-40226
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the &#x201C;–no-sandbox&#x201D; option. Attackers can add arbitrary JavaScript code inside &#x201C;Operation&#x201D; graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser. 2022-10-11 8.8 CVE-2022-40182
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded browser does not prevent interaction with alternative URI schemes when redirected to corresponding resources by web application code. By setting the homepage URI, the favorite URIs, or redirecting embedded browser users via JavaScript code to alternative scheme resources, a remote low privileged attacker can perform a range of attacks against the device, such as read arbitrary files on the filesystem, execute arbitrary JavaScript code in order to steal or manipulate the information on the screen, or trigger denial of service conditions. 2022-10-11 8.3 CVE-2022-40181
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in endpoints of the &#x201C;Operation&#x201D; web application that interpret and execute Axon language queries, due to the missing validation of anti-CSRF tokens or other origin checks. By convincing a victim to click on a malicious link or visit a specifically crafted webpage while logged-in to the device web application, a remote unauthenticated attacker can execute arbitrary Axon queries against the device. 2022-10-11 8.1 CVE-2022-40179
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). There exists an Improper Neutralization of Special Elements used in an OS Command with root privileges during a restore operation due to the missing validation of the names of files included in the input package. By restoring a specifically crafted package, a remote low-privileged attacker can execute arbitrary system commands with root privileges on the device, leading to a full compromise. 2022-10-11 8 CVE-2022-40176
MISC
siemens — industrial_edge_management A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. 2022-10-11 7.4 CVE-2022-40147
MISC
siemens — jt_open_toolkit A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973) 2022-10-11 7.8 CVE-2022-41851
MISC
siemens — logo\!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. 2022-10-11 9.8 CVE-2022-36361
MISC
siemens — logo\!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device. 2022-10-11 7.5 CVE-2022-36360
MISC
siemens — logo\!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device. 2022-10-11 7.5 CVE-2022-36362
MISC
siemens — nucleus_net A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server. 2022-10-11 7.5 CVE-2022-38371
MISC
MISC
siemens — ruggedcom_rm1224_firmware A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 6GHz (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC 6GHz (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 6GHz (All versions >= V1.1.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service and reboot the device thus possibly affecting other network resources. 2022-10-11 8.6 CVE-2022-31766
MISC
siemens — simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication. 2022-10-11 7.8 CVE-2022-38465
MISC
siemens — simatic_hmi_comfort_panels_firmware A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. 2022-10-11 7.5 CVE-2022-40227
MISC
siemens — solid_edge A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627) 2022-10-11 7.8 CVE-2022-37864
MISC
simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. 2022-10-11 7.2 CVE-2022-42230
MISC
simple_online_public_access_catalog_project — simple_online_public_access_catalog A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784. 2022-10-14 7.2 CVE-2022-3495
MISC
MISC
slack_morphism_project — slack_morphism Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs. 2022-10-10 7.5 CVE-2022-39292
CONFIRM
MISC
sonicwall — global_management_system SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application’s binaries and configuration files. 2022-10-13 7.5 CVE-2021-20030
CONFIRM
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. 2022-10-12 7.5 CVE-2022-42079
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. 2022-10-12 7.5 CVE-2022-42080
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. 2022-10-12 7.5 CVE-2022-42081
MISC
traefik — traefik Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. 2022-10-11 7.5 CVE-2022-39271
MISC
CONFIRM
MISC
trendmicro — apex_one A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. 2022-10-10 9.1 CVE-2022-41746
MISC
MISC
trendmicro — apex_one An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7.8 CVE-2022-41747
MISC
MISC
trendmicro — apex_one An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7.8 CVE-2022-41749
MISC
MISC
trendmicro — apex_one A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7 CVE-2022-41744
MISC
MISC
trendmicro — apex_one An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7 CVE-2022-41745
MISC
MISC
vmware — vcenter_server The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. 2022-10-07 9.1 CVE-2022-31680
MISC
MISC
wayos — lq-09_firmware WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm. 2022-10-13 8.1 CVE-2022-41489
MISC
web-based_student_clearance_system_project — web-based_student_clearance_system A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367. 2022-10-09 7.5 CVE-2022-3436
MISC
webpack.js — loader-utils Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. 2022-10-12 9.8 CVE-2022-37601
MISC
MISC
MISC
webpack.js — loader-utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. 2022-10-11 7.5 CVE-2022-37599
MISC
MISC
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 is vulnerable to arbitrary code execution. 2022-10-07 9.8 CVE-2022-42075
MISC
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. 2022-10-11 8.8 CVE-2022-42034
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. 2022-10-11 8.8 CVE-2022-42229
MISC
wijungle — u250_firmware WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. 2022-10-12 9.8 CVE-2022-33106
MISC
MISC
woo_billingo_plus_project — woo_billingo_plus The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin’s license 2022-10-10 7.1 CVE-2022-3154
MISC
xmldom_project — xmldom A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. 2022-10-11 9.8 CVE-2022-37616
MISC
MISC
MISC
MISC
zkteco — zkbiosecurity_v5000 An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. 2022-10-07 8.8 CVE-2022-36634
MISC
MISC
MISC
zkteco — zkbiosecurity_v5000 ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. 2022-10-07 8.8 CVE-2022-36635
MISC
MISC
MISC
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging. 2022-10-07 7.5 CVE-2022-39289
MISC
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adguard — adguardhome In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. 2022-10-11 4.3 CVE-2022-32175
MISC
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-35691
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38437
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38449
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-42342
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 4.9 CVE-2022-38423
MISC
adobe — coldfusion
&#xA0;
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 5.9 CVE-2022-38419
MISC
adobe — commerce Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction. 2022-10-14 5.3 CVE-2022-35689
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38443
MISC
arubanetworks — instant An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 6.5 CVE-2022-37894
MISC
arubanetworks — instant A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 6.1 CVE-2022-37896
MISC
arubanetworks — instant A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability. 2022-10-07 5.4 CVE-2022-37892
MISC
arubanetworks — instant An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 4.9 CVE-2022-37895
MISC
asset_cleanup\ — _page_speed_booster_project Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan’s Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. 2022-10-11 4.8 CVE-2021-36899
CONFIRM
CONFIRM
avaya — aura_communication_manager Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. 2022-10-12 6.7 CVE-2022-2249
CONFIRM
bevywise — mqttroute A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. 2022-10-13 5.4 CVE-2022-35612
MISC
bevywise — mqttroute A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. 2022-10-13 4.3 CVE-2022-35611
MISC
boodskap — iot_platform Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. 2022-10-13 6.5 CVE-2022-35136
MISC
boodskap — iot_platform Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. 2022-10-13 5.4 CVE-2022-35134
MISC
book_store_management_system_project — book_store_management_system A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436. 2022-10-11 5.4 CVE-2022-3452
MISC
book_store_management_system_project — book_store_management_system A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability. 2022-10-11 5.4 CVE-2022-3453
MISC
brainvire — disable_user_login The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. 2022-10-10 5.3 CVE-2022-2350
MISC
cert — vince An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the “Product Affected” field. 2022-10-10 5.4 CVE-2022-40248
MISC
cert — vince An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field. 2022-10-10 5.4 CVE-2022-40257
MISC
cisco — ios_xe A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the boot process of the affected device. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device. Note: In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software running on a device to a release where root shell access is more readily available. 2022-10-10 6.8 CVE-2022-20944
CISCO
cisco — ios_xe_rom_monitor A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password. 2022-10-10 4.6 CVE-2022-20864
CISCO
cisco — sd-wan_vmanage A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. 2022-10-10 5.3 CVE-2022-20830
CISCO
cozmoslabs — profile_builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. 2022-10-11 4.3 CVE-2021-36915
CONFIRM
CONFIRM
crealogix — ebics_server A vulnerability was found in Crealogix EBICS 7.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ebics-server/ebics.aspx. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-210374 is the identifier assigned to this vulnerability. 2022-10-10 6.1 CVE-2022-3442
N/A
N/A
d-bus_project — d-bus An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. 2022-10-10 6.5 CVE-2022-42010
CONFIRM
MISC
FEDORA
d-bus_project — d-bus An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. 2022-10-10 6.5 CVE-2022-42011
CONFIRM
MISC
FEDORA
d-bus_project — d-bus An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. 2022-10-10 6.5 CVE-2022-42012
CONFIRM
MISC
FEDORA
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2022-10-12 4.4 CVE-2022-32483
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2022-10-12 4.4 CVE-2022-32484
MISC
dell — cloud_mobility_for_dell_emc_storage Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. 2022-10-11 6.7 CVE-2022-34434
MISC
dell — geodrive Dell GeoDrive, Versions 2.1 – 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. 2022-10-12 5.5 CVE-2022-33918
MISC
dell — hybrid_client Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. 2022-10-11 6.5 CVE-2022-34431
MISC
dell — wyse_thinos Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. 2022-10-10 4.9 CVE-2022-34402
MISC
eng — knowage Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds. 2022-10-13 6.1 CVE-2022-39295
CONFIRM
MISC
fatfreecrm — fatfreecrm fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue. 2022-10-08 6.5 CVE-2022-39281
MISC
MISC
CONFIRM
flatpress — flatpress Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. 2022-10-11 5.4 CVE-2022-40047
MISC
MISC
fontmeister_project — fontmeister Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. 2022-10-11 6.1 CVE-2022-33978
CONFIRM
CONFIRM
fortinet — fortimanager An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. 2022-10-10 5.3 CVE-2022-26121
CONFIRM
getshortcodes — shortcodes_ultimate Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. 2022-10-11 4.3 CVE-2022-38086
CONFIRM
CONFIRM
gin-vue-admin_project — gin-vue-admin In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the ‘Normal Upload’ functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. 2022-10-14 5.4 CVE-2022-32177
CONFIRM
MISC
gnu — osip GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. 2022-10-11 6.5 CVE-2022-41550
MISC
google — android In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel 2022-10-11 6.7 CVE-2022-20409
MISC
google — android In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230794395 2022-10-11 6.7 CVE-2022-20412
MISC
google — android In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. 2022-10-07 6.7 CVE-2022-26452
MISC
google — android In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. 2022-10-07 6.7 CVE-2022-26473
MISC
google — android In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. 2022-10-07 6.7 CVE-2022-26474
MISC
google — android In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. 2022-10-07 6.7 CVE-2022-26475
MISC
google — android In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. 2022-10-07 6.7 CVE-2022-32590
MISC
google — android In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405. 2022-10-07 6.7 CVE-2022-32592
MISC
google — android In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. 2022-10-07 6.7 CVE-2022-32593
MISC
google — android In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224771921 2022-10-11 5.5 CVE-2022-20351
MISC
google — android In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235850634 2022-10-11 5.5 CVE-2022-20413
MISC
google — android In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235823407 2022-10-11 5.5 CVE-2022-20425
MISC
google — android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929 2022-10-11 5.5 CVE-2022-20437
MISC
google — android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259920 2022-10-11 5.5 CVE-2022-20438
MISC
google — android In Messaging, There has unauthorized provider, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242266172 2022-10-11 5.5 CVE-2022-20439
MISC
google — android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918 2022-10-11 5.5 CVE-2022-20440
MISC
google — android In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A 2022-10-14 5.5 CVE-2022-20464
MISC
google — android Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. 2022-10-07 5.3 CVE-2022-39847
MISC
google — android In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-204906124 2022-10-11 5 CVE-2022-20394
MISC
google — android In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel 2022-10-11 4.6 CVE-2022-20423
MISC
google — android Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. 2022-10-07 4.3 CVE-2022-39855
MISC
hashicorp — nomad HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0. 2022-10-12 6.5 CVE-2022-41606
MISC
MISC
hashicorp — vault HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role’s CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. 2022-10-12 5.3 CVE-2022-41316
MISC
MISC
haskell — aeson The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. 2022-10-10 6.5 CVE-2022-3433
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability. 2022-10-13 6.5 CVE-2022-3470
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability. 2022-10-13 6.5 CVE-2022-3473
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability. 2022-10-13 5.4 CVE-2022-3493
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability. 2022-10-14 5.4 CVE-2022-3497
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831. 2022-10-14 5.4 CVE-2022-3502
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715. 2022-10-13 4.9 CVE-2022-3471
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716. 2022-10-13 4.9 CVE-2022-3472
MISC
MISC
ibm — navigator_mobile IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. 2022-10-11 5.5 CVE-2022-38388
CONFIRM
XF
ibm — sterling_partner_engagement_manager IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704. 2022-10-10 6.5 CVE-2022-34334
CONFIRM
XF
ikus-soft — rdiffweb Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. 2022-10-10 6.1 CVE-2022-3438
CONFIRM
MISC
isc — dhcp In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. 2022-10-07 6.5 CVE-2022-2929
CONFIRM
MLIST
FEDORA
jgraph — mxgraph mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. 2022-10-12 6.1 CVE-2022-40440
MISC
MISC
MISC
johnsoncontrols — c-cure_9000_firmware Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. 2022-10-11 5.3 CVE-2021-36201
CERT
CONFIRM
johnsoncontrols — metasys_extended_application_and_data_server On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. 2022-10-07 6.5 CVE-2022-21936
CERT
CONFIRM
libreoffice — libreoffice LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6. 2022-10-11 6.3 CVE-2022-3140
MISC
DEBIAN
liferay — liferay_portal An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. 2022-10-07 5.3 CVE-2022-41414
MISC
linux — linux_kernel mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. 2022-10-09 5.5 CVE-2022-42703
MISC
MISC
MISC
MISC
linux — linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. 2022-10-08 4.3 CVE-2022-3435
N/A
N/A
FEDORA
FEDORA
merchandise_online_store_project — merchandise_online_store A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. 2022-10-11 5.4 CVE-2022-42236
MISC
metaslider — slider\,_gallery\,_and_carousel The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-2823
MISC
metroui — metro_ui Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. 2022-10-11 6.1 CVE-2022-41376
MISC
microsoft — azure_service_fabric Service Fabric Explorer Spoofing Vulnerability. 2022-10-11 4.8 CVE-2022-35829
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability. 2022-10-11 5.3 CVE-2022-41035
MISC
microsoft — office Microsoft Office Spoofing Vulnerability. 2022-10-11 6.5 CVE-2022-38001
MISC
microsoft — office Microsoft Office Information Disclosure Vulnerability. 2022-10-11 5.3 CVE-2022-41043
MISC
microsoft — storsimple_8010_firmware StorSimple 8000 Series Elevation of Privilege Vulnerability. 2022-10-11 6.8 CVE-2022-38017
MISC
microsoft — windows_10 Windows NTLM Spoofing Vulnerability. 2022-10-11 6.5 CVE-2022-35770
MISC
microsoft — windows_10 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability. 2022-10-11 6.5 CVE-2022-37974
MISC
microsoft — windows_10 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability. 2022-10-11 6.5 CVE-2022-37977
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. 2022-10-11 5.9 CVE-2022-37965
MISC
microsoft — windows_10 Windows Graphics Component Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-37985
MISC
microsoft — windows_10 Windows Event Logging Service Denial of Service Vulnerability. 2022-10-11 4.3 CVE-2022-37981
MISC
microsoft — windows_server_2008 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. 2022-10-11 6.8 CVE-2022-38032
MISC
microsoft — windows_server_2008 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. 2022-10-11 6.5 CVE-2022-38033
MISC
microsoft — windows_server_2008 Windows DHCP Client Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-38026
MISC
microsoft — windows_server_2008 Windows Security Support Provider Interface Information Disclosure Vulnerability. 2022-10-11 5.3 CVE-2022-38043
MISC
microsoft — windows_server_2012 Windows Kernel Memory Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-37996
MISC
microsoft — windows_server_2019 Windows USB Serial Driver Information Disclosure Vulnerability. 2022-10-11 4.3 CVE-2022-38030
MISC
microsoft — windows_server_2022 Windows Distributed File System (DFS) Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-38025
MISC
misp-project — malware_information_sharing_platform app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). 2022-10-10 4.3 CVE-2022-42724
MISC
octopus — octopus_server In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability 2022-10-13 6.5 CVE-2022-2828
MISC
octopus — octopus_server In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. 2022-10-12 5.3 CVE-2022-2720
MISC
online_birth_certificate_management_system_project — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. 2022-10-14 5.4 CVE-2022-42069
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567. 2022-10-14 6.5 CVE-2022-35040
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. 2022-10-14 6.5 CVE-2022-35041
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. 2022-10-14 6.5 CVE-2022-35042
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6. 2022-10-14 6.5 CVE-2022-35043
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087. 2022-10-14 6.5 CVE-2022-35044
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63. 2022-10-14 6.5 CVE-2022-35045
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466. 2022-10-14 6.5 CVE-2022-35046
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa. 2022-10-14 6.5 CVE-2022-35047
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c. 2022-10-14 6.5 CVE-2022-35048
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. 2022-10-14 6.5 CVE-2022-35049
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. 2022-10-14 6.5 CVE-2022-35050
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af. 2022-10-14 6.5 CVE-2022-35051
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1. 2022-10-14 6.5 CVE-2022-35052
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f. 2022-10-14 6.5 CVE-2022-35053
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. 2022-10-14 6.5 CVE-2022-35054
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473. 2022-10-14 6.5 CVE-2022-35055
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. 2022-10-14 6.5 CVE-2022-35056
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. 2022-10-14 6.5 CVE-2022-35058
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. 2022-10-14 6.5 CVE-2022-35059
MISC
MISC
pencidesign — soledad The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],…} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. 2022-10-10 6.1 CVE-2022-3209
MISC
picuploader_project — picuploader PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. 2022-10-07 6.1 CVE-2022-41442
MISC
MISC
premium-themes — cryptocurrency_pricing_list_and_ticker The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue 2022-10-10 6.1 CVE-2021-25044
MISC
projectworlds — online_examination_system Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. 2022-10-14 6.1 CVE-2022-42066
MISC
MISC
puppycms — puppycms A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699. 2022-10-12 6.1 CVE-2022-3464
N/A
purchase_order_management_system_project — purchase_order_management_system A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832. 2022-10-14 5.4 CVE-2022-3503
MISC
MISC
resiot — iot_platform_and_lorawan_network_server Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. 2022-10-13 5.4 CVE-2022-34021
MISC
resmush.it — resmush.it_image_optimizer The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-10-10 4.8 CVE-2022-2448
MISC
rpcms — rpcms RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. 2022-10-13 6.5 CVE-2022-41474
MISC
rpcms — rpcms RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. 2022-10-13 6.1 CVE-2022-41473
MISC
samsung — account Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. 2022-10-07 5.5 CVE-2022-39874
MISC
samsung — account Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. 2022-10-07 4.7 CVE-2022-39863
MISC
samsung — account Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. 2022-10-07 4.4 CVE-2022-39875
MISC
samsung — checkout Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. 2022-10-07 5.5 CVE-2022-39878
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-39807
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41166
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41169
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41171
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41173
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41174
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41176
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41178
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41181
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41182
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41183
MISC
MISC
sap — business_objects_business_intelligence_platform Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. 2022-10-11 6.5 CVE-2022-39015
MISC
MISC
sap — businessobjects_business_intelligence SAP BusinessObjects BI LaunchPad – versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. 2022-10-11 6.1 CVE-2022-39800
MISC
MISC
sap — businessobjects_business_intelligence SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) – versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application. 2022-10-11 5.4 CVE-2022-41206
MISC
MISC
sap — businessobjects_business_intelligence Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. 2022-10-11 4.9 CVE-2022-35296
MISC
MISC
sap — customer_data_cloud SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. 2022-10-11 5.2 CVE-2022-41209
MISC
MISC
sap — customer_data_cloud SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. 2022-10-11 5.2 CVE-2022-41210
MISC
MISC
sap — data_services SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application’s immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console. 2022-10-11 6.1 CVE-2022-35226
MISC
MISC
sap — enable_now The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. 2022-10-11 5.4 CVE-2022-35297
MISC
MISC
shortpixel — enable_media_replace The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example 2022-10-10 4.9 CVE-2022-2554
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the &#x201C;Operation&#x201D; web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device. 2022-10-11 5.7 CVE-2022-40177
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the &#x201C;Import Files&#x201C; functionality of the &#x201C;Operation&#x201D; web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code. 2022-10-11 5.4 CVE-2022-40178
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the &#x201C;Import Files&#x201C; functionality of the &#x201C;Operation&#x201D; web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged-in to the device web application. 2022-10-11 5.3 CVE-2022-40180
MISC
siemens — logo\!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory. 2022-10-11 5.3 CVE-2022-36363
MISC
siemens — scalance_x200-4p_irt_firmware A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking. 2022-10-11 6.1 CVE-2022-40631
MISC
simplefilelist — simple-file-list The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it’s content via a CSRF attack. 2022-10-10 6.5 CVE-2022-3208
MISC
simplefilelist — simple-file-list The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-3207
MISC
solarwinds — network_configuration_manager An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. 2022-10-10 6.5 CVE-2021-35226
MISC
student_clearance_system_project — student_clearance_system A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. 2022-10-11 5.4 CVE-2022-42235
MISC
swftools — swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. 2022-10-13 5.5 CVE-2022-35080
MISC
MISC
swftools — swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. 2022-10-13 5.5 CVE-2022-35081
MISC
MISC
taskbuilder — taskbuilder The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task’s attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file 2022-10-10 5.4 CVE-2022-3137
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-10-12 6.5 CVE-2022-42077
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. 2022-10-12 6.5 CVE-2022-42078
MISC
tenda — ax1803_firmware Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. 2022-10-12 6.5 CVE-2022-42086
MISC
tenda — ax1803_firmware Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-10-12 6.5 CVE-2022-42087
MISC
tiny-csrf_project — tiny-csrf tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-07 6.5 CVE-2022-39287
CONFIRM
MISC
totaljs — total.js A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. 2022-10-07 5.4 CVE-2022-41392
MISC
MISC
MISC
trendmicro — apex_one A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product’s anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability. 2022-10-10 6.7 CVE-2022-41748
MISC
vanderbilt — redcap A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. 2022-10-12 6.1 CVE-2022-42715
MISC
MISC
MISC
vmware — esxi VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. 2022-10-07 6.5 CVE-2022-31681
MISC
vmware — vrealize_operations VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. 2022-10-11 4.9 CVE-2022-31682
MISC
web-based_student_clearance_system_project — web-based_student_clearance_system A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356. 2022-10-08 5.4 CVE-2022-3434
N/A
N/A
webgilde — advanced_comment_form The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-10-10 4.8 CVE-2022-3220
MISC
wpchill — download_monitor The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. 2022-10-10 4.9 CVE-2022-2981
MISC
wpdarko — top_bar The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-2629
MISC
wpsocialrocket — social_rocket The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-3136
MISC
wpwhitesecurity — wp_2fa The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don’t mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. 2022-10-10 5.9 CVE-2022-2891
MISC
xen — xapi XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors. 2022-10-11 5.3 CVE-2022-33749
MISC
CONFIRM
MLIST
xen — xen P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. 2022-10-11 6.5 CVE-2022-33746
MISC
CONFIRM
MLIST
xen — xen lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. 2022-10-11 5.6 CVE-2022-33748
MISC
CONFIRM
MLIST
zimbra — collaboration An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. 2022-10-12 6.1 CVE-2022-41348
MISC
MISC
zimbra — collaboration In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine. 2022-10-12 6.1 CVE-2022-41349
MISC
MISC
zimbra — collaboration In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine. 2022-10-12 6.1 CVE-2022-41350
MISC
MISC
zimbra — collaboration In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). 2022-10-12 6.1 CVE-2022-41351
MISC
MISC
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-10-07 6.5 CVE-2022-39290
CONFIRM
MISC
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current “tr” “td” brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the “view=log” page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. 2022-10-07 5.4 CVE-2022-39285
MISC
MISC
CONFIRM
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with “View” system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the “/zm/index.php” endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-07 5.4 CVE-2022-39291
MISC
MISC
MISC
CONFIRM
MISC
Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
google — android Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. 2022-10-07 3.3 CVE-2022-36868
MISC
google — android Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. 2022-10-07 3.3 CVE-2022-39851
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41592
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41593
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41594
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41595
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41597
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41598
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41600
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41601
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41602
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41603
MISC
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 3.3 CVE-2022-38022
MISC
samsung — factorycamera Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. 2022-10-07 3.3 CVE-2022-39861
MISC
samsung — quick_share Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 3.5 CVE-2022-39860
MISC
samsung — reminder Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. 2022-10-07 3.3 CVE-2022-39876
MISC
samsung — sharelive Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. 2022-10-07 3.3 CVE-2022-39872
MISC
xen — xen Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest’s P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings. 2022-10-11 3.8 CVE-2022-33747
MISC
CONFIRM
MLIST
Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
389-ds-base — 389-ds-base A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. 2022-10-14 not yet calculated CVE-2022-2850
MISC
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 not yet calculated CVE-2022-35690
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 not yet calculated CVE-2022-38444
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 not yet calculated CVE-2022-38445
MISC
apache — apache_commons_text Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: – “script” – execute expressions using the JVM script execution engine (javax.script) – “dns” – resolve dns records – “url” – load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. 2022-10-13 not yet calculated CVE-2022-42889
CONFIRM
MLIST
apache — kylin Kylin’s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of &#x201C;– conf=&#x201D; to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier. 2022-10-13 not yet calculated CVE-2022-24697
CONFIRM
atlassian — jira The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. 2022-10-14 not yet calculated CVE-2022-36802
MISC
atlassian — jira The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. 2022-10-14 not yet calculated CVE-2022-36803
MISC
autodesk — design_review A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41306
MISC
autodesk — fbx_sdk An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41302
MISC
autodesk — fbx_sdk A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. 2022-10-14 not yet calculated CVE-2022-41303
MISC
autodesk — fbx_sdk An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. 2022-10-14 not yet calculated CVE-2022-41304
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41305
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41307
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41308
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. 2022-10-13 not yet calculated CVE-2022-42159
MISC
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. 2022-10-13 not yet calculated CVE-2022-42161
MISC
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. 2022-10-13 not yet calculated CVE-2022-42156
MISC
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. 2022-10-13 not yet calculated CVE-2022-42160
MISC
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. 2022-10-14 not yet calculated CVE-2022-42464
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. 2022-10-14 not yet calculated CVE-2022-42488
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption. 2022-10-14 not yet calculated CVE-2022-41686
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. 2022-10-14 not yet calculated CVE-2022-42463
MISC
go — parseacceptlanguage An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. 2022-10-14 not yet calculated CVE-2022-32149
MISC
MISC
MISC
MISC
go — reader.read Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. 2022-10-14 not yet calculated CVE-2022-2879
MISC
MISC
MISC
MISC
go — reverseproxy Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request’s Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. 2022-10-14 not yet calculated CVE-2022-2880
MISC
MISC
MISC
MISC
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the “Access Token Management” admin function. 2022-10-14 not yet calculated CVE-2022-39308
MISC
MISC
MISC
CONFIRM
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39311
CONFIRM
MISC
MISC
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39309
MISC
MISC
CONFIRM
MISC
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39310
MISC
MISC
CONFIRM
grafana — grafana Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user’s Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds. 2022-10-13 not yet calculated CVE-2022-39201
CONFIRM
MISC
MISC
MISC
grafana — grafana Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user’s login attempt by registering someone else’e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`’s password won’t match with `user_2`’s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue. 2022-10-13 not yet calculated CVE-2022-39229
MISC
MISC
CONFIRM
huawei — harmonyos The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. 2022-10-14 not yet calculated CVE-2022-38977
MISC
huawei — harmonyos The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. 2022-10-14 not yet calculated CVE-2022-38980
MISC
huawei — harmonyos The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. 2022-10-14 not yet calculated CVE-2022-38981
MISC
huawei — harmonyos The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. 2022-10-14 not yet calculated CVE-2022-38982
MISC
huawei — harmonyos The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. 2022-10-14 not yet calculated CVE-2022-38983
MISC
MISC
huawei — harmonyos The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 not yet calculated CVE-2022-38984
MISC
MISC
huawei — harmonyos The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 not yet calculated CVE-2022-38985
MISC
MISC
huawei — harmonyos The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. 2022-10-14 not yet calculated CVE-2022-38986
MISC
MISC
huawei — harmonyos The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. 2022-10-14 not yet calculated CVE-2022-39011
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2021-46839
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2021-46840
MISC
MISC
huawei — harmonyos The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 not yet calculated CVE-2022-38998
MISC
MISC
huawei — emui/magic_ui The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. 2022-10-14 not yet calculated CVE-2022-41578
MISC
MISC
huawei — emui/magic_ui The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2022-41580
MISC
MISC
huawei — emui/magic_ui The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module. 2022-10-14 not yet calculated CVE-2022-41583
MISC
MISC
huawei — emui/magic_ui The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 not yet calculated CVE-2022-41584
MISC
MISC
huawei — emui/magic_ui The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 not yet calculated CVE-2022-41585
MISC
MISC
huawei — emui/magic_ui The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 not yet calculated CVE-2022-41586
MISC
MISC
huawei — emui/magic_ui Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. 2022-10-14 not yet calculated CVE-2022-41587
MISC
huawei — emui/magic_ui The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. 2022-10-14 not yet calculated CVE-2022-41588
MISC
MISC
huawei — emui/magic_ui The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. 2022-10-14 not yet calculated CVE-2022-41589
MISC
MISC
huawei — emui/magic_ui The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2022-41581
MISC
MISC
huawei — emui/magic_ui The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability. 2022-10-14 not yet calculated CVE-2022-41582
MISC
MISC
ikea — tradfri_smart_lights An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TR&#xC5;DFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TR&#xC5;DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2022-10-14 not yet calculated CVE-2022-39064
MISC
ikea — tradfri_smart_lights A single malformed IEEE 802.15.4 (Zigbee) frame makes the TR&#xC5;DFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TR&#xC5;DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2022-10-14 not yet calculated CVE-2022-39065
MISC
istio — istiod Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go. 2022-10-13 not yet calculated CVE-2022-39278
MISC
CONFIRM
MISC
MISC
jasper — jasper A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. 2022-10-14 not yet calculated CVE-2022-2963
MISC
MISC
MISC
liferay — digital_experience_platform A Cross-site scripting (XSS) vulnerability in the Blog module – add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. 2022-10-13 not yet calculated CVE-2022-38902
MISC
MISC
MISC
linux — linux_kernel Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. 2022-10-14 not yet calculated CVE-2022-42720
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. 2022-10-14 not yet calculated CVE-2022-42721
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. 2022-10-14 not yet calculated CVE-2022-41674
MISC
MISC
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. 2022-10-13 not yet calculated CVE-2022-42719
MISC
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. 2022-10-14 not yet calculated CVE-2022-42722
MISC
MISC
MISC
FEDORA
FEDORA
microsoft — azure Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a &#x201C;if&#x201D; branch, which check the expression of &#x201C;(header_length – UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length&#x201D; where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`). 2022-10-13 not yet calculated CVE-2022-39293
MISC
CONFIRM
mikrotik — routeros The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later. 2022-10-15 not yet calculated CVE-2017-20149
MISC
MISC
multiple_vendors — multiple_products Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. 2022-10-14 not yet calculated CVE-2022-41715
MISC
MISC
MISC
MISC
nss — nss A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. 2022-10-14 not yet calculated CVE-2022-3479
MISC
MISC
october — october October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the “Editor” section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66. 2022-10-13 not yet calculated CVE-2022-35944
CONFIRM
octopus_deploy — server In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. 2022-10-14 not yet calculated CVE-2022-2780
MISC
oxhoo_tp50 — oxhoo_tp50 An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. 2022-10-14 not yet calculated CVE-2022-41436
MISC
perfact — openvpn-client An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user. 2022-10-14 not yet calculated CVE-2021-27406
CONFIRM
ree6 — ree6 Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as “Better-Audit-Logging” which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39302
CONFIRM
MISC
resistiot — iot_platform_+_lowrawan_network_server SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. 2022-10-13 not yet calculated CVE-2022-34022
MISC
simple_cold_storage_management_system — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. 2022-10-14 not yet calculated CVE-2022-42232
MISC
sourcecodester — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability 2022-10-14 not yet calculated CVE-2022-42067
MISC
MISC
sourcecodester — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). 2022-10-14 not yet calculated CVE-2022-42070
MISC
MISC
sourcecodester — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. 2022-10-14 not yet calculated CVE-2022-42071
MISC
MISC
sourcecodester — online_tours_&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. 2022-10-14 not yet calculated CVE-2022-41416
MISC
sourcecodester — sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. 2022-10-14 not yet calculated CVE-2022-41535
MISC
sourcecodester — sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. 2022-10-14 not yet calculated CVE-2022-41536
MISC
sourcecodester — sanitization_management_system A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015. 2022-10-15 not yet calculated CVE-2022-3519
MISC
sourcecodester — sanitization_management_system A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability. 2022-10-15 not yet calculated CVE-2022-3518
MISC
sourcecodester — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. 2022-10-14 not yet calculated CVE-2022-3504
N/A
N/A
sourcecodester — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840. 2022-10-14 not yet calculated CVE-2022-3505
N/A
N/A
sourcecodester — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 not yet calculated CVE-2022-41538
MISC
sourcecodester — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 not yet calculated CVE-2022-41539
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41480
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41481
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41483
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41485
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41482
MISC
MISC
tenda — ac1900 Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41484
MISC
MISC
triangle_microworks — multiple_products The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition. 2022-10-11 not yet calculated CVE-2022-38138
MISC
ucms — ucms There is a file inclusion vulnerability in the template management module in UCMS 1.6 2022-10-14 not yet calculated CVE-2022-42234
MISC
unisoc — multiple_products In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38671
MISC
unisoc — multiple_products In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38690
MISC
unisoc — multiple_products In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38677
MISC
unisoc — multiple_products In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38673
MISC
unisoc — multiple_products In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38672
MISC
unisoc — multiple_products In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38676
MISC
unisoc — multiple_products In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-2984
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38687
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38697
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38698
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39080
MISC
unisoc — multiple_products In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39103
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39105
MISC
unisoc — multiple_products In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39107
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39109
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39111
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39112
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39113
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39114
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39115
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39117
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39120
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39121
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39122
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39123
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39124
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39125
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39126
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39127
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39128
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39108
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39110
MISC
unisoc — multiple_products In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-2985
MISC
unisoc — multiple_products In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38679
MISC
unisoc — multiple_products In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38670
MISC
unisoc — multiple_products In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38669
MISC
unisoc — multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38688
MISC
unisoc — multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38689
MISC
webid — webid A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. 2022-10-14 not yet calculated CVE-2022-41477
MISC
webpack — loader-utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. 2022-10-14 not yet calculated CVE-2022-37603
MISC
MISC
MISC
wolfssl — wolfssl An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) 2022-10-15 not yet calculated CVE-2022-42961
MISC
wordpress — wordpress Cross-site Scripting (XSS) – Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. 2022-10-14 not yet calculated CVE-2022-3506
CONFIRM
MISC
wordpress — wordpress Sensitive Data Exposure in Villatheme ALD – AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. 2022-10-14 not yet calculated CVE-2022-41623
CONFIRM
CONFIRM
zoom — client_for_meetings Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. 2022-10-14 not yet calculated CVE-2022-28762
MISC
zoom — on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. 2022-10-14 not yet calculated CVE-2022-28761
MISC
zoom — on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. 2022-10-14 not yet calculated CVE-2022-28759
MISC
zoom — on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. 2022-10-14 not yet calculated CVE-2022-28760
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn