US-CERT Bulletin (SB22-290):Vulnerability Summary for the Week of October 10, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — acrobat_reader	Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-42339 MISC
adobe — acrobat_reader	Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-38450 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.	2022-10-14	7.5	CVE-2022-38420 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction.	2022-10-14	7.5	CVE-2022-38422 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.	2022-10-14	7.5	CVE-2022-42340 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.	2022-10-14	7.5	CVE-2022-42341 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.	2022-10-14	9.8	CVE-2022-35710 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.	2022-10-14	9.8	CVE-2022-35711 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.	2022-10-14	9.8	CVE-2022-35712 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.	2022-10-14	9.8	CVE-2022-38418 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges.	2022-10-14	7.2	CVE-2022-38421 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges.	2022-10-14	7.2	CVE-2022-38424 MISC
adobe — commerce	Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.	2022-10-14	10	CVE-2022-35698 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-38440 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-38442 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-38446 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-38441 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-38447 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	7.8	CVE-2022-38448 MISC
apache — shiro	Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.	2022-10-12	9.8	CVE-2022-40664 CONFIRM MLIST MLIST MLIST
arraynetworks — arrayos_ag	Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.	2022-10-13	9.8	CVE-2022-42897 MISC MISC
arubanetworks — instant	There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.	2022-10-07	9.8	CVE-2022-37885 MISC
arubanetworks — instant	There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.	2022-10-07	9.8	CVE-2022-37886 MISC
arubanetworks — instant	There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.	2022-10-07	9.8	CVE-2022-37887 MISC
arubanetworks — instant	There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.	2022-10-07	9.8	CVE-2022-37889 MISC
arubanetworks — instant	Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.	2022-10-07	9.8	CVE-2022-37890 MISC
arubanetworks — instant	Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.	2022-10-07	9.8	CVE-2022-37891 MISC
arubanetworks — instant	An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.	2022-10-07	7.8	CVE-2022-37893 MISC
autodesk — revit	A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.	2022-10-07	7.8	CVE-2021-40162 MISC
autodesk — revit	A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.	2022-10-07	7.8	CVE-2021-40163 MISC
autodesk — revit	A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.	2022-10-07	7.8	CVE-2021-40164 MISC
autodesk — revit	A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.	2022-10-07	7.8	CVE-2021-40165 MISC
autodesk — revit	A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.	2022-10-07	7.8	CVE-2021-40166 MISC
bentley — microstation	Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.	2022-10-13	7.8	CVE-2022-42899 MISC
bentley — microstation	Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.	2022-10-13	7.8	CVE-2022-42900 MISC
bentley — microstation	Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.	2022-10-13	7.8	CVE-2022-42901 MISC
boodskap — iot_platform	Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>.	2022-10-13	8.8	CVE-2022-35135 MISC
browserify-shim_project — browserify-shim	Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.	2022-10-11	9.8	CVE-2022-37617 MISC MISC MISC
cassianetworks — access_controller	An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1.	2022-10-14	7.5	CVE-2021-22685 CONFIRM CONFIRM
church_management_system_project — church_management_system	An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.	2022-10-12	7.2	CVE-2022-41406 MISC
cisco — ios	A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.	2022-10-10	7.7	CVE-2022-20920 CISCO
cisco — ios_xe	A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic.	2022-10-10	8.6	CVE-2022-20837 CISCO
cisco — ios_xe	A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.	2022-10-10	8.6	CVE-2022-20870 CISCO
cisco — ios_xe	A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition.	2022-10-10	7.4	CVE-2022-20915 CISCO
clippercms — clippercms	ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.	2022-10-13	9.8	CVE-2022-41495 MISC
clippercms — clippercms	ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.	2022-10-13	9.8	CVE-2022-41497 MISC
dedecms — dedecms	DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.	2022-10-12	7.2	CVE-2022-40921 MISC
dell — alienware_area-51_r5_firmware	Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-12	7.8	CVE-2022-34390 MISC
dell — alienware_area-51_r5_firmware	Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-12	7.8	CVE-2022-34391 MISC
dell — alienware_area_51m_r1_firmware	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-12	7.8	CVE-2022-32485 MISC
dell — alienware_area_51m_r1_firmware	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-12	7.8	CVE-2022-32487 MISC
dell — alienware_area_51m_r1_firmware	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-12	7.8	CVE-2022-32488 MISC
dell — alienware_area_51m_r1_firmware	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-12	7.8	CVE-2022-32489 MISC
dell — alienware_area_51m_r1_firmware	Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.	2022-10-12	7.8	CVE-2022-32491 MISC
dell — alienware_area_51m_r1_firmware	Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-12	7.8	CVE-2022-32493 MISC
dell — bios	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-11	8.8	CVE-2022-32486 MISC
dell — bios	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	2022-10-11	8.8	CVE-2022-32492 MISC
dell — container_storage_modules	Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.	2022-10-11	8.8	CVE-2022-34426 MISC
dell — container_storage_modules	Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.	2022-10-11	8.8	CVE-2022-34427 MISC
dell — enterprise_sonic_distribution	Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.	2022-10-10	7.5	CVE-2022-34425 MISC
dell — geodrive	Dell GeoDrive, versions 2.1 – 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.	2022-10-12	7.8	CVE-2022-33919 MISC
dell — geodrive	Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.	2022-10-12	7.8	CVE-2022-33920 MISC
dell — geodrive	Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.	2022-10-12	7.8	CVE-2022-33921 MISC
dell — geodrive	Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity.	2022-10-12	7.8	CVE-2022-33922 MISC
dell — geodrive	Dell GeoDrive, Versions 1.0 – 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM.	2022-10-12	7.1	CVE-2022-33937 MISC
dell — hybrid_client	Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.	2022-10-11	8.2	CVE-2022-34432 MISC
dell — hybrid_client	Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.	2022-10-11	7.5	CVE-2022-34430 MISC
dell — xtremio_management_server	Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.	2022-10-12	9.8	CVE-2022-31228 MISC
democritus — d8s-algorithms	The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42040 MISC MISC MISC
democritus — d8s-archives	The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41383 MISC MISC MISC
democritus — d8s-asns	The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42037 MISC MISC MISC
democritus — d8s-asns	The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42044 MISC MISC MISC
democritus — d8s-domains	The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41384 MISC MISC MISC
democritus — d8s-file-system	The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42041 MISC MISC MISC
democritus — d8s-html	The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41385 MISC MISC MISC
democritus — d8s-ip-addresses	The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42038 MISC MISC MISC
democritus — d8s-json	The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41382 MISC MISC MISC
democritus — d8s-lists	The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42039 MISC MISC MISC
democritus — d8s-networking	The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42042 MISC MISC MISC
democritus — d8s-pdfs	The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41387 MISC MISC MISC
democritus — d8s-urls	The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42036 MISC MISC MISC
democritus — d8s-utility	The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41381 MISC MISC MISC
democritus — d8s-utility	The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41386 MISC MISC MISC
democritus — d8s-xml	The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-42043 MISC MISC MISC
democritus — d8s-yaml	The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.	2022-10-11	9.8	CVE-2022-41380 MISC MISC MISC
django-mfa2_project — django-mfa2	mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.	2022-10-11	7.5	CVE-2022-42731 MISC MISC MISC
dolibarr — dolibarr_erp\/crm	Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.	2022-10-12	9.8	CVE-2022-40871 MISC
dotpdn — paint.net	dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).	2022-10-12	9.8	CVE-2018-18446 MISC MISC MISC
dotpdn — paint.net	dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).	2022-10-12	9.8	CVE-2018-18447 MISC MISC MISC
dropbear_ssh_project — dropbear_ssh	An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.	2022-10-12	7.5	CVE-2021-36369 MISC MISC MISC
f-secure — elements_endpoint_protection	Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.	2022-10-12	7.5	CVE-2022-28887 MISC MISC
facebook — hermes	An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.	2022-10-11	9.8	CVE-2022-32234 CONFIRM CONFIRM
facebook — hermes	A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.	2022-10-11	9.8	CVE-2022-35289 CONFIRM CONFIRM
facebook — hermes	An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.	2022-10-11	9.8	CVE-2022-40138 CONFIRM CONFIRM
fastify — fastify	fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers.	2022-10-10	7.5	CVE-2022-39288 CONFIRM MISC MISC
foresightsports — gc3_launch_monitor_firmware	Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.	2022-10-13	8	CVE-2022-40187 MISC MISC MISC MISC
fortinet — fortios	A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.	2022-10-10	8	CVE-2021-44171 CONFIRM
freerdp — freerdp	FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.	2022-10-12	7.5	CVE-2022-39282 MISC CONFIRM
freerdp — freerdp	FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.	2022-10-12	7.5	CVE-2022-39283 MISC CONFIRM
gh-pages_project — gh-pages	Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.	2022-10-12	9.8	CVE-2022-37611 MISC MISC MISC
gogs — gogs	In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.	2022-10-11	9	CVE-2022-32174 MISC MISC
google — android	In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473	2022-10-11	8.8	CVE-2022-20429 MISC
google — android	In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345178	2022-10-14	7.8	CVE-2021-0699 MISC
google — android	In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345085	2022-10-11	7.8	CVE-2021-0951 MISC
google — android	In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223086933References: N/A	2022-10-14	7.8	CVE-2022-20397 MISC
google — android	In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231322873	2022-10-11	7.8	CVE-2022-20415 MISC
google — android	In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237717857	2022-10-11	7.8	CVE-2022-20416 MISC
google — android	In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237288416	2022-10-11	7.8	CVE-2022-20417 MISC
google — android	In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-237290578	2022-10-11	7.8	CVE-2022-20419 MISC
google — android	In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238377411	2022-10-11	7.8	CVE-2022-20420 MISC
google — android	In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel	2022-10-11	7.8	CVE-2022-20421 MISC
google — android	There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221233	2022-10-11	7.8	CVE-2022-20430 MISC
google — android	There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221238	2022-10-11	7.8	CVE-2022-20431 MISC
google — android	There is an missing authorization issue in the system service. Since the component does not have permission check and permission protection,, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221899	2022-10-11	7.8	CVE-2022-20432 MISC
google — android	There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221901	2022-10-11	7.8	CVE-2022-20433 MISC
google — android	There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242244028	2022-10-11	7.8	CVE-2022-20434 MISC
google — android	There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367	2022-10-11	7.8	CVE-2022-20435 MISC
google — android	There is an unauthorized service in the system service. Since the component does not have permission check, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369	2022-10-11	7.8	CVE-2022-20436 MISC
google — android	In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121.	2022-10-07	7.8	CVE-2022-26471 MISC
google — android	In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095.	2022-10-07	7.8	CVE-2022-26472 MISC
google — android	A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.	2022-10-07	7.8	CVE-2022-39852 MISC
google — android	A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.	2022-10-07	7.8	CVE-2022-39853 MISC
google — android	In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-205570663	2022-10-11	7.5	CVE-2022-20410 MISC
google — android	In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-231986464	2022-10-11	7.5	CVE-2022-20418 MISC
google — android	In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600.	2022-10-07	7.5	CVE-2022-32589 MISC
google — android	In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259.	2022-10-07	7.5	CVE-2022-32591 MISC
google — android	In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778	2022-10-11	7	CVE-2021-0696 MISC
google — android	In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel	2022-10-11	7	CVE-2022-20422 MISC
google — protobuf-java	A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.	2022-10-12	7.5	CVE-2022-3171 CONFIRM
gradle — enterprise	An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2.	2022-10-07	7.5	CVE-2022-41574 MISC MISC
grafana — grafana	Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.	2022-10-13	7.8	CVE-2022-31123 CONFIRM MISC
grafana — grafana	Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user’s Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.	2022-10-13	7.5	CVE-2022-31130 CONFIRM MISC MISC MISC
grunt-karma_project — grunt-karma	Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.	2022-10-14	9.8	CVE-2022-37602 MISC MISC MISC
hancom — hancom_office_2020	A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.	2022-10-07	7.8	CVE-2022-33896 MISC
hashicorp — packer	An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.	2022-10-11	7.8	CVE-2022-42717 MISC MISC MISC
huawei — harmonyos	The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.	2022-10-14	7.8	CVE-2022-41576 MISC MISC
huawei — harmonyos	The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.	2022-10-14	7.1	CVE-2022-41577 MISC MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559.	2022-10-12	9.8	CVE-2022-3458 N/A
human_resource_management_system_project — human_resource_management_system	A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772.	2022-10-13	8.8	CVE-2022-3492 MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability.	2022-10-14	8.8	CVE-2022-3496 MISC
idreamsoft — icms	iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.	2022-10-13	9.8	CVE-2022-41496 MISC
ikuai8 — ikuaios	iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.	2022-10-12	8.8	CVE-2022-40469 MISC MISC MISC
ikus-soft — rdiffweb	Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.	2022-10-14	9.8	CVE-2022-3439 MISC CONFIRM
ikus-soft — rdiffweb	Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.	2022-10-13	9.8	CVE-2022-3456 MISC CONFIRM
ikus-soft — rdiffweb	Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.	2022-10-13	9.8	CVE-2022-3457 MISC CONFIRM
ini4j_project — ini4j	An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.	2022-10-11	7.5	CVE-2022-41404 MISC
interspire — email_marketer	Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php “create survey and submit survey” operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550.	2022-10-11	8.8	CVE-2022-40777 MISC MISC
isc — dhcp	In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option’s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.	2022-10-07	7.5	CVE-2022-2928 CONFIRM MLIST FEDORA
jflyfox — jfinal_cms	JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.	2022-10-13	8.8	CVE-2022-37208 MISC MISC
jiusi — jiusi_oa	A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability.	2022-10-12	9.8	CVE-2022-3467 MISC MISC
js-beautify_project — js-beautify	Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js.	2022-10-11	9.8	CVE-2022-37609 MISC MISC MISC
linaro — lava	In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.	2022-10-13	8.8	CVE-2022-42902 MISC MISC
linuxmint — warpinator	Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.	2022-10-10	7.5	CVE-2022-42725 MISC MISC MISC MISC
mediabridgeproducts — mlwr-ac1200r_firmware	A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.	2022-10-12	9.8	CVE-2022-3465 N/A N/A
melistechnology — melis-asset-manager	MelisAssetManager provides deliveries of Melis Platform’s assets located in every module’s public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only.	2022-10-11	7.5	CVE-2022-39296 CONFIRM MISC
melistechnology — meliscms	MelisCms provides a full CMS for Melis Platform, including templating system, drag’n’drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.	2022-10-12	9.8	CVE-2022-39297 MISC CONFIRM
melistechnology — meliscms	MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.	2022-10-12	9.8	CVE-2022-39298 MISC CONFIRM
merchandise_online_store_project — merchandise_online_store	A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.	2022-10-11	8.8	CVE-2022-42238 MISC
mi — xiaomi	A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.	2022-10-11	9.8	CVE-2020-14129 MISC
mi — xiaomi	The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.	2022-10-11	9.8	CVE-2020-14131 MISC
microsoft — .net_core	NuGet Client Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-41032 MISC
microsoft — azure_rtos_usbx	Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a `0` or `1` allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround.	2022-10-10	9.8	CVE-2022-36063 CONFIRM MISC MISC
microsoft — azure_stack_edge	Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.	2022-10-11	10	CVE-2022-37968 MISC
microsoft — jupyter	Visual Studio Code Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-41083 MISC
microsoft — malware_protection_engine	Microsoft Windows Defender Elevation of Privilege Vulnerability.	2022-10-11	7.1	CVE-2022-37971 MISC
microsoft — office	Microsoft Office Remote Code Execution Vulnerability.	2022-10-11	7.8	CVE-2022-38048 MISC
microsoft — office	Microsoft Office Graphics Remote Code Execution Vulnerability.	2022-10-11	7.8	CVE-2022-38049 MISC
microsoft — office	Microsoft Word Remote Code Execution Vulnerability.	2022-10-11	7.8	CVE-2022-41031 MISC
microsoft — sharepoint_foundation	Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41036, CVE-2022-41037, CVE-2022-41038.	2022-10-11	8.8	CVE-2022-38053 MISC
microsoft — sharepoint_foundation	Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41037, CVE-2022-41038.	2022-10-11	8.8	CVE-2022-41036 MISC
microsoft — sharepoint_foundation	Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41038.	2022-10-11	8.8	CVE-2022-41037 MISC
microsoft — sharepoint_foundation	Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41037.	2022-10-11	8.8	CVE-2022-41038 MISC
microsoft — visual_studio_code	Visual Studio Code Remote Code Execution Vulnerability.	2022-10-11	7.8	CVE-2022-41034 MISC
microsoft — visual_studio_code	Visual Studio Code Information Disclosure Vulnerability.	2022-10-11	7.4	CVE-2022-41042 MISC
microsoft — windows_10	Windows Group Policy Elevation of Privilege Vulnerability.	2022-10-11	8.8	CVE-2022-37975 MISC
microsoft — windows_10	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031.	2022-10-11	8.8	CVE-2022-37982 MISC
microsoft — windows_10	Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.	2022-10-11	8.8	CVE-2022-38016 MISC
microsoft — windows_10	Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998.	2022-10-11	8.6	CVE-2022-37973 MISC
microsoft — windows_10	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.	2022-10-11	8.1	CVE-2022-22035 MISC
microsoft — windows_10	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.	2022-10-11	8.1	CVE-2022-24504 MISC
microsoft — windows_10	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.	2022-10-11	8.1	CVE-2022-30198 MISC
microsoft — windows_10	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.	2022-10-11	8.1	CVE-2022-33634 MISC
microsoft — windows_10	Windows GDI+ Remote Code Execution Vulnerability.	2022-10-11	7.8	CVE-2022-33635 MISC
microsoft — windows_10	Windows Hyper-V Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-37979 MISC
microsoft — windows_10	Windows DHCP Client Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-37980 MISC
microsoft — windows_10	Windows WLAN Service Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-37984 MISC
microsoft — windows_10	Windows Win32k Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-37986 MISC
microsoft — windows_10	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.	2022-10-11	7.8	CVE-2022-37995 MISC
microsoft — windows_10	Windows Resilient File System Elevation of Privilege.	2022-10-11	7.8	CVE-2022-38003 MISC
microsoft — windows_10	Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37973.	2022-10-11	7.7	CVE-2022-37998 MISC
microsoft — windows_10	Windows TCP/IP Driver Denial of Service Vulnerability.	2022-10-11	7.5	CVE-2022-33645 MISC
microsoft — windows_10	Windows CryptoAPI Spoofing Vulnerability.	2022-10-11	7.5	CVE-2022-34689 MISC
microsoft — windows_10	Windows Active Directory Certificate Services Security Feature Bypass.	2022-10-11	7.5	CVE-2022-37978 MISC
microsoft — windows_server_2008	Active Directory Certificate Services Elevation of Privilege Vulnerability.	2022-10-11	8.8	CVE-2022-37976 MISC
microsoft — windows_server_2008	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982.	2022-10-11	8.8	CVE-2022-38031 MISC
microsoft — windows_server_2008	Windows Workstation Service Elevation of Privilege Vulnerability.	2022-10-11	8.8	CVE-2022-38034 MISC
microsoft — windows_server_2008	Microsoft ODBC Driver Remote Code Execution Vulnerability.	2022-10-11	8.8	CVE-2022-38040 MISC
microsoft — windows_server_2008	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081.	2022-10-11	8.1	CVE-2022-38000 MISC
microsoft — windows_server_2008	Active Directory Domain Services Elevation of Privilege Vulnerability.	2022-10-11	8.1	CVE-2022-38042 MISC
microsoft — windows_server_2008	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081.	2022-10-11	8.1	CVE-2022-38047 MISC
microsoft — windows_server_2008	Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047.	2022-10-11	8.1	CVE-2022-41081 MISC
microsoft — windows_server_2008	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989.	2022-10-11	7.8	CVE-2022-37987 MISC
microsoft — windows_server_2008	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.	2022-10-11	7.8	CVE-2022-37988 MISC
microsoft — windows_server_2008	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37987.	2022-10-11	7.8	CVE-2022-37989 MISC
microsoft — windows_server_2008	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.	2022-10-11	7.8	CVE-2022-37990 MISC
microsoft — windows_server_2008	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.	2022-10-11	7.8	CVE-2022-37991 MISC
microsoft — windows_server_2008	Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999.	2022-10-11	7.8	CVE-2022-37993 MISC
microsoft — windows_server_2008	Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999.	2022-10-11	7.8	CVE-2022-37994 MISC
microsoft — windows_server_2008	Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-38051.	2022-10-11	7.8	CVE-2022-37997 MISC
microsoft — windows_server_2008	Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37994.	2022-10-11	7.8	CVE-2022-37999 MISC
microsoft — windows_server_2008	Windows Print Spooler Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-38028 MISC
microsoft — windows_server_2008	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039.	2022-10-11	7.8	CVE-2022-38037 MISC
microsoft — windows_server_2008	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039.	2022-10-11	7.8	CVE-2022-38038 MISC
microsoft — windows_server_2008	Windows CD-ROM File System Driver Remote Code Execution Vulnerability.	2022-10-11	7.8	CVE-2022-38044 MISC
microsoft — windows_server_2008	Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37997.	2022-10-11	7.8	CVE-2022-38051 MISC
microsoft — windows_server_2008	Windows COM+ Event System Service Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-41033 MISC
microsoft — windows_server_2008	Windows Secure Channel Denial of Service Vulnerability.	2022-10-11	7.5	CVE-2022-38041 MISC
microsoft — windows_server_2008	Windows Storage Elevation of Privilege Vulnerability.	2022-10-11	7	CVE-2022-38027 MISC
microsoft — windows_server_2008	Windows ALPC Elevation of Privilege Vulnerability.	2022-10-11	7	CVE-2022-38029 MISC
microsoft — windows_server_2012	Server Service Remote Protocol Elevation of Privilege Vulnerability.	2022-10-11	9.1	CVE-2022-38045 MISC
microsoft — windows_server_2012	Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.	2022-10-11	7	CVE-2022-38021 MISC
microsoft — windows_server_2019	Windows DWM Core Library Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-37970 MISC
microsoft — windows_server_2019	Microsoft DWM Core Library Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-37983 MISC
microsoft — windows_server_2019	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038.	2022-10-11	7.8	CVE-2022-38039 MISC
microsoft — windows_server_2019	Win32k Elevation of Privilege Vulnerability.	2022-10-11	7.8	CVE-2022-38050 MISC
microsoft — windows_server_2019	Web Account Manager Information Disclosure Vulnerability.	2022-10-11	7.5	CVE-2022-38046 MISC
microsoft — windows_server_2022	Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.	2022-10-11	7.5	CVE-2022-38036 MISC
mockery_project — mockery	Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js.	2022-10-12	9.8	CVE-2022-37614 MISC MISC MISC
newsletter_subscribe_$popup_\+_regular_module$_project — newsletter_subscribe_$popup_\+_regular_module$	OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.	2022-10-12	9.8	CVE-2022-41403 MISC
node_saml_project — node_saml	node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround.	2022-10-13	8.1	CVE-2022-39300 MISC CONFIRM
nokia — airframe_bmc_web_gui_r18_firmware	Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity).	2022-10-12	8.8	CVE-2022-28866 MISC MISC
ocomon_project — ocomon	OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.	2022-10-13	9.8	CVE-2022-41390 MISC
ocomon_project — ocomon	OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.	2022-10-13	9.8	CVE-2022-41391 MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system	Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.	2022-10-14	9.8	CVE-2022-42064 MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system	Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.	2022-10-13	7.2	CVE-2022-41533 MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system	Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.	2022-10-13	7.2	CVE-2022-41534 MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system	Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=.	2022-10-07	7.2	CVE-2022-42073 MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system	Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.	2022-10-07	7.2	CVE-2022-42074 MISC
online_leave_management_system_project — online_leave_management_system	An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.	2022-10-07	7.2	CVE-2022-41379 MISC
online_pet_shop_we_app_project — online_pet_shop_we_app	Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.	2022-10-12	9.8	CVE-2022-41408 MISC
online_pet_shop_we_app_project — online_pet_shop_we_app	Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.	2022-10-07	7.2	CVE-2022-41377 MISC
online_pet_shop_we_app_project — online_pet_shop_we_app	Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory.	2022-10-07	7.2	CVE-2022-41378 MISC
online_pet_shop_we_app_project — online_pet_shop_we_app	Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.	2022-10-12	7.2	CVE-2022-41407 MISC
open_source_sacco_management_system_project — open_source_sacco_management_system	Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan.	2022-10-07	7.2	CVE-2022-41514 MISC
open_source_sacco_management_system_project — open_source_sacco_management_system	Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment.	2022-10-07	7.2	CVE-2022-41515 MISC
open_source_sacco_management_system_project — open_source_sacco_management_system	Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower.	2022-10-12	7.2	CVE-2022-41530 MISC
open_source_sacco_management_system_project — open_source_sacco_management_system	Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan.	2022-10-12	7.2	CVE-2022-41532 MISC
openssl — openssl	OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).	2022-10-11	7.5	CVE-2022-3358 CONFIRM CONFIRM
paloaltonetworks — pan-os	An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.	2022-10-12	8.1	CVE-2022-0030 MISC
panini — everest_engine	Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.	2022-10-07	7.8	CVE-2022-39959 MISC MISC
passport-saml_project — passport-saml	Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround.	2022-10-12	8.1	CVE-2022-39299 CONFIRM MISC
powerline_gitstatus_project — powerline_gitstatus	powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker’s control. NOTE: this is similar to CVE-2022-20001.	2022-10-13	7.8	CVE-2022-42906 MISC MISC
progress — whatsup_gold	In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim’s browser.	2022-10-12	9.6	CVE-2022-42711 MISC MISC MISC
puppet — puppetlabs-mysql	Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.	2022-10-07	9.8	CVE-2022-3275 MISC
puppet — puppetlabs-mysql	Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.	2022-10-07	8.8	CVE-2022-3276 MISC
redirection-for-contact-form7 — redirection_for_contact_form_7	Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.	2022-10-11	7.5	CVE-2021-36913 CONFIRM CONFIRM
ree6 — ree6	Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.	2022-10-13	9.8	CVE-2022-39303 MISC CONFIRM
resiot — iot_platform_and_lorawan_network_server	Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts.	2022-10-13	8.8	CVE-2022-34020 MISC MISC
rpcms — rpcms	RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.	2022-10-13	8.8	CVE-2022-41475 MISC
samsung — dynamic_lockscreen	Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.	2022-10-07	9.8	CVE-2022-39862 MISC
samsung — smartthings	Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.	2022-10-07	7.5	CVE-2022-39864 MISC
samsung — smartthings	Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.	2022-10-07	7.5	CVE-2022-39865 MISC
samsung — smartthings	Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.	2022-10-07	7.5	CVE-2022-39866 MISC
samsung — smartthings	Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.	2022-10-07	7.5	CVE-2022-39867 MISC
samsung — smartthings	Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.	2022-10-07	7.5	CVE-2022-39868 MISC
samsung — smartthings	Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.	2022-10-07	7.5	CVE-2022-39869 MISC
samsung — smartthings	Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.	2022-10-07	7.5	CVE-2022-39870 MISC
samsung — smartthings	Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.	2022-10-07	7.5	CVE-2022-39871 MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-39803 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-39804 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-39805 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-39806 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-39808 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41167 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41168 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41170 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41172 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41175 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41177 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41179 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41180 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41184 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41185 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41186 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41187 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	7.8	CVE-2022-41188 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41189 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41190 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41191 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	7.8	CVE-2022-41192 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41193 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	7.8	CVE-2022-41194 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41195 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41196 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	7.8	CVE-2022-41197 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41198 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41199 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41200 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41201 MISC MISC
sap — 3d_visual_enterprise_viewer	Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.	2022-10-11	7.8	CVE-2022-41202 MISC MISC
sap — business_objects_business_intelligence_platform	Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application.	2022-10-11	7.6	CVE-2022-39013 MISC MISC
sap — commerce	An attacker can change the content of an SAP Commerce – versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.	2022-10-11	8.8	CVE-2022-41204 MISC MISC
sap — manufacturing_execution	SAP Manufacturing Execution – versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.	2022-10-11	7.5	CVE-2022-39802 MISC MISC
sap — sap_iq	SAP SQL Anywhere – version 17.0, and SAP IQ – version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.	2022-10-11	9.8	CVE-2022-35299 MISC MISC
siemens — 6gk6108-4am00-2ba2_firmware	Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.	2022-10-11	8.8	CVE-2022-31765 MISC
siemens — 7kg8500-0aa00-0aa0_firmware	A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.	2022-10-11	8.8	CVE-2022-41665 MISC
siemens — 7kg8500-0aa00-0aa0_firmware	A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user’s session after login.	2022-10-11	8.1	CVE-2022-40226 MISC
siemens — desigo_pxm30-1_firmware	A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “–no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser.	2022-10-11	8.8	CVE-2022-40182 MISC
siemens — desigo_pxm30-1_firmware	A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded browser does not prevent interaction with alternative URI schemes when redirected to corresponding resources by web application code. By setting the homepage URI, the favorite URIs, or redirecting embedded browser users via JavaScript code to alternative scheme resources, a remote low privileged attacker can perform a range of attacks against the device, such as read arbitrary files on the filesystem, execute arbitrary JavaScript code in order to steal or manipulate the information on the screen, or trigger denial of service conditions.	2022-10-11	8.3	CVE-2022-40181 MISC
siemens — desigo_pxm30-1_firmware	A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in endpoints of the “Operation” web application that interpret and execute Axon language queries, due to the missing validation of anti-CSRF tokens or other origin checks. By convincing a victim to click on a malicious link or visit a specifically crafted webpage while logged-in to the device web application, a remote unauthenticated attacker can execute arbitrary Axon queries against the device.	2022-10-11	8.1	CVE-2022-40179 MISC
siemens — desigo_pxm30-1_firmware	A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). There exists an Improper Neutralization of Special Elements used in an OS Command with root privileges during a restore operation due to the missing validation of the names of files included in the input package. By restoring a specifically crafted package, a remote low-privileged attacker can execute arbitrary system commands with root privileges on the device, leading to a full compromise.	2022-10-11	8	CVE-2022-40176 MISC
siemens — industrial_edge_management	A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.	2022-10-11	7.4	CVE-2022-40147 MISC
siemens — jt_open_toolkit	A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973)	2022-10-11	7.8	CVE-2022-41851 MISC
siemens — logo\!_8_bm_firmware	A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.	2022-10-11	9.8	CVE-2022-36361 MISC
siemens — logo\!_8_bm_firmware	A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.	2022-10-11	7.5	CVE-2022-36360 MISC
siemens — logo\!_8_bm_firmware	A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.	2022-10-11	7.5	CVE-2022-36362 MISC
siemens — nucleus_net	A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.	2022-10-11	7.5	CVE-2022-38371 MISC MISC
siemens — ruggedcom_rm1224_firmware	A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 6GHz (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC 6GHz (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 6GHz (All versions >= V1.1.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service and reboot the device thus possibly affecting other network resources.	2022-10-11	8.6	CVE-2022-31766 MISC
siemens — simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware	A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.	2022-10-11	7.8	CVE-2022-38465 MISC
siemens — simatic_hmi_comfort_panels_firmware	A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.	2022-10-11	7.5	CVE-2022-40227 MISC
siemens — solid_edge	A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627)	2022-10-11	7.8	CVE-2022-37864 MISC
simple_cold_storage_management_system_project — simple_cold_storage_managment_system	Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=.	2022-10-11	7.2	CVE-2022-42230 MISC
simple_online_public_access_catalog_project — simple_online_public_access_catalog	A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784.	2022-10-14	7.2	CVE-2022-3495 MISC MISC
slack_morphism_project — slack_morphism	Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs.	2022-10-10	7.5	CVE-2022-39292 CONFIRM MISC
sonicwall — global_management_system	SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application’s binaries and configuration files.	2022-10-13	7.5	CVE-2021-20030 CONFIRM
tenda — ac1206_firmware	Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.	2022-10-12	7.5	CVE-2022-42079 MISC
tenda — ac1206_firmware	Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.	2022-10-12	7.5	CVE-2022-42080 MISC
tenda — ac1206_firmware	Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.	2022-10-12	7.5	CVE-2022-42081 MISC
traefik — traefik	Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.	2022-10-11	7.5	CVE-2022-39271 MISC CONFIRM MISC
trendmicro — apex_one	A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.	2022-10-10	9.1	CVE-2022-41746 MISC MISC
trendmicro — apex_one	An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2022-10-10	7.8	CVE-2022-41747 MISC MISC
trendmicro — apex_one	An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2022-10-10	7.8	CVE-2022-41749 MISC MISC
trendmicro — apex_one	A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2022-10-10	7	CVE-2022-41744 MISC MISC
trendmicro — apex_one	An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2022-10-10	7	CVE-2022-41745 MISC MISC
vmware — vcenter_server	The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.	2022-10-07	9.1	CVE-2022-31680 MISC MISC
wayos — lq-09_firmware	WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.	2022-10-13	8.1	CVE-2022-41489 MISC
web-based_student_clearance_system_project — web-based_student_clearance_system	A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367.	2022-10-09	7.5	CVE-2022-3436 MISC
webpack.js — loader-utils	Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js.	2022-10-12	9.8	CVE-2022-37601 MISC MISC MISC
webpack.js — loader-utils	A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.	2022-10-11	7.5	CVE-2022-37599 MISC MISC MISC
wedding_planner_project — wedding_planner	Wedding Planner v1.0 is vulnerable to arbitrary code execution.	2022-10-07	9.8	CVE-2022-42075 MISC MISC
wedding_planner_project — wedding_planner	Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.	2022-10-11	8.8	CVE-2022-42034 MISC
wedding_planner_project — wedding_planner	Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.	2022-10-11	8.8	CVE-2022-42229 MISC
wijungle — u250_firmware	WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.	2022-10-12	9.8	CVE-2022-33106 MISC MISC
woo_billingo_plus_project — woo_billingo_plus	The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin’s license	2022-10-10	7.1	CVE-2022-3154 MISC
xmldom_project — xmldom	A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.	2022-10-11	9.8	CVE-2022-37616 MISC MISC MISC MISC
zkteco — zkbiosecurity_v5000	An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.	2022-10-07	8.8	CVE-2022-36634 MISC MISC MISC
zkteco — zkbiosecurity_v5000	ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.	2022-10-07	8.8	CVE-2022-36635 MISC MISC MISC
zoneminder — zoneminder	ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.	2022-10-07	7.5	CVE-2022-39289 MISC CONFIRM

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adguard — adguardhome	In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.	2022-10-11	4.3	CVE-2022-32175 MISC MISC
adobe — acrobat_reader	Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	5.5	CVE-2022-35691 MISC
adobe — acrobat_reader	Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	5.5	CVE-2022-38437 MISC
adobe — acrobat_reader	Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	5.5	CVE-2022-38449 MISC
adobe — acrobat_reader	Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	5.5	CVE-2022-42342 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges.	2022-10-14	4.9	CVE-2022-38423 MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.	2022-10-14	5.9	CVE-2022-38419 MISC
adobe — commerce	Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction.	2022-10-14	5.3	CVE-2022-35689 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	5.5	CVE-2022-38443 MISC
arubanetworks — instant	An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.	2022-10-07	6.5	CVE-2022-37894 MISC
arubanetworks — instant	A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.	2022-10-07	6.1	CVE-2022-37896 MISC
arubanetworks — instant	A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.	2022-10-07	5.4	CVE-2022-37892 MISC
arubanetworks — instant	An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.	2022-10-07	4.9	CVE-2022-37895 MISC
asset_cleanup\ — _page_speed_booster_project	Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan’s Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.	2022-10-11	4.8	CVE-2021-36899 CONFIRM CONFIRM
avaya — aura_communication_manager	Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0.	2022-10-12	6.7	CVE-2022-2249 CONFIRM
bevywise — mqttroute	A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.	2022-10-13	5.4	CVE-2022-35612 MISC
bevywise — mqttroute	A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.	2022-10-13	4.3	CVE-2022-35611 MISC
boodskap — iot_platform	Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.	2022-10-13	6.5	CVE-2022-35136 MISC
boodskap — iot_platform	Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.	2022-10-13	5.4	CVE-2022-35134 MISC
book_store_management_system_project — book_store_management_system	A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436.	2022-10-11	5.4	CVE-2022-3452 MISC
book_store_management_system_project — book_store_management_system	A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability.	2022-10-11	5.4	CVE-2022-3453 MISC
brainvire — disable_user_login	The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.	2022-10-10	5.3	CVE-2022-2350 MISC
cert — vince	An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the “Product Affected” field.	2022-10-10	5.4	CVE-2022-40248 MISC
cert — vince	An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.	2022-10-10	5.4	CVE-2022-40257 MISC
cisco — ios_xe	A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the boot process of the affected device. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device. Note: In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software running on a device to a release where root shell access is more readily available.	2022-10-10	6.8	CVE-2022-20944 CISCO
cisco — ios_xe_rom_monitor	A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password.	2022-10-10	4.6	CVE-2022-20864 CISCO
cisco — sd-wan_vmanage	A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.	2022-10-10	5.3	CVE-2022-20830 CISCO
cozmoslabs — profile_builder	Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.	2022-10-11	4.3	CVE-2021-36915 CONFIRM CONFIRM
crealogix — ebics_server	A vulnerability was found in Crealogix EBICS 7.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ebics-server/ebics.aspx. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-210374 is the identifier assigned to this vulnerability.	2022-10-10	6.1	CVE-2022-3442 N/A N/A
d-bus_project — d-bus	An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.	2022-10-10	6.5	CVE-2022-42010 CONFIRM MISC FEDORA
d-bus_project — d-bus	An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.	2022-10-10	6.5	CVE-2022-42011 CONFIRM MISC FEDORA
d-bus_project — d-bus	An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.	2022-10-10	6.5	CVE-2022-42012 CONFIRM MISC FEDORA
dell — alienware_area_51m_r1_firmware	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.	2022-10-12	4.4	CVE-2022-32483 MISC
dell — alienware_area_51m_r1_firmware	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.	2022-10-12	4.4	CVE-2022-32484 MISC
dell — cloud_mobility_for_dell_emc_storage	Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.	2022-10-11	6.7	CVE-2022-34434 MISC
dell — geodrive	Dell GeoDrive, Versions 2.1 – 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information.	2022-10-12	5.5	CVE-2022-33918 MISC
dell — hybrid_client	Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.	2022-10-11	6.5	CVE-2022-34431 MISC
dell — wyse_thinos	Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.	2022-10-10	4.9	CVE-2022-34402 MISC
eng — knowage	Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.	2022-10-13	6.1	CVE-2022-39295 CONFIRM MISC
fatfreecrm — fatfreecrm	fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue.	2022-10-08	6.5	CVE-2022-39281 MISC MISC CONFIRM
flatpress — flatpress	Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.	2022-10-11	5.4	CVE-2022-40047 MISC MISC
fontmeister_project — fontmeister	Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.	2022-10-11	6.1	CVE-2022-33978 CONFIRM CONFIRM
fortinet — fortimanager	An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.	2022-10-10	5.3	CVE-2022-26121 CONFIRM
getshortcodes — shortcodes_ultimate	Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.	2022-10-11	4.3	CVE-2022-38086 CONFIRM CONFIRM
gin-vue-admin_project — gin-vue-admin	In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the ‘Normal Upload’ functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.	2022-10-14	5.4	CVE-2022-32177 CONFIRM MISC
gnu — osip	GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.	2022-10-11	6.5	CVE-2022-41550 MISC
google — android	In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel	2022-10-11	6.7	CVE-2022-20409 MISC
google — android	In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230794395	2022-10-11	6.7	CVE-2022-20412 MISC
google — android	In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305.	2022-10-07	6.7	CVE-2022-26452 MISC
google — android	In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197.	2022-10-07	6.7	CVE-2022-26473 MISC
google — android	In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717.	2022-10-07	6.7	CVE-2022-26474 MISC
google — android	In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743.	2022-10-07	6.7	CVE-2022-26475 MISC
google — android	In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425.	2022-10-07	6.7	CVE-2022-32590 MISC
google — android	In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405.	2022-10-07	6.7	CVE-2022-32592 MISC
google — android	In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493.	2022-10-07	6.7	CVE-2022-32593 MISC
google — android	In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224771921	2022-10-11	5.5	CVE-2022-20351 MISC
google — android	In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235850634	2022-10-11	5.5	CVE-2022-20413 MISC
google — android	In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235823407	2022-10-11	5.5	CVE-2022-20425 MISC
google — android	In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929	2022-10-11	5.5	CVE-2022-20437 MISC
google — android	In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259920	2022-10-11	5.5	CVE-2022-20438 MISC
google — android	In Messaging, There has unauthorized provider, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242266172	2022-10-11	5.5	CVE-2022-20439 MISC
google — android	In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918	2022-10-11	5.5	CVE-2022-20440 MISC
google — android	In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A	2022-10-14	5.5	CVE-2022-20464 MISC
google — android	Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.	2022-10-07	5.3	CVE-2022-39847 MISC
google — android	In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-204906124	2022-10-11	5	CVE-2022-20394 MISC
google — android	In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel	2022-10-11	4.6	CVE-2022-20423 MISC
google — android	Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.	2022-10-07	4.3	CVE-2022-39855 MISC
hashicorp — nomad	HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.	2022-10-12	6.5	CVE-2022-41606 MISC MISC
hashicorp — vault	HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role’s CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.	2022-10-12	5.3	CVE-2022-41316 MISC MISC
haskell — aeson	The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.	2022-10-10	6.5	CVE-2022-3433 MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability.	2022-10-13	6.5	CVE-2022-3470 MISC MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability.	2022-10-13	6.5	CVE-2022-3473 MISC MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability.	2022-10-13	5.4	CVE-2022-3493 MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability.	2022-10-14	5.4	CVE-2022-3497 MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.	2022-10-14	5.4	CVE-2022-3502 MISC MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715.	2022-10-13	4.9	CVE-2022-3471 MISC MISC
human_resource_management_system_project — human_resource_management_system	A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716.	2022-10-13	4.9	CVE-2022-3472 MISC MISC
ibm — navigator_mobile	IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.	2022-10-11	5.5	CVE-2022-38388 CONFIRM XF
ibm — sterling_partner_engagement_manager	IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.	2022-10-10	6.5	CVE-2022-34334 CONFIRM XF
ikus-soft — rdiffweb	Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.	2022-10-10	6.1	CVE-2022-3438 CONFIRM MISC
isc — dhcp	In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.	2022-10-07	6.5	CVE-2022-2929 CONFIRM MLIST FEDORA
jgraph — mxgraph	mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.	2022-10-12	6.1	CVE-2022-40440 MISC MISC MISC
johnsoncontrols — c-cure_9000_firmware	Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.	2022-10-11	5.3	CVE-2021-36201 CERT CONFIRM
johnsoncontrols — metasys_extended_application_and_data_server	On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.	2022-10-07	6.5	CVE-2022-21936 CERT CONFIRM
libreoffice — libreoffice	LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.	2022-10-11	6.3	CVE-2022-3140 MISC DEBIAN
liferay — liferay_portal	An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.	2022-10-07	5.3	CVE-2022-41414 MISC
linux — linux_kernel	mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.	2022-10-09	5.5	CVE-2022-42703 MISC MISC MISC MISC
linux — linux_kernel	A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.	2022-10-08	4.3	CVE-2022-3435 N/A N/A FEDORA FEDORA
merchandise_online_store_project — merchandise_online_store	A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.	2022-10-11	5.4	CVE-2022-42236 MISC
metaslider — slider\,_gallery\,_and_carousel	The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-10-10	4.8	CVE-2022-2823 MISC
metroui — metro_ui	Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function.	2022-10-11	6.1	CVE-2022-41376 MISC
microsoft — azure_service_fabric	Service Fabric Explorer Spoofing Vulnerability.	2022-10-11	4.8	CVE-2022-35829 MISC
microsoft — edge_chromium	Microsoft Edge (Chromium-based) Spoofing Vulnerability.	2022-10-11	5.3	CVE-2022-41035 MISC
microsoft — office	Microsoft Office Spoofing Vulnerability.	2022-10-11	6.5	CVE-2022-38001 MISC
microsoft — office	Microsoft Office Information Disclosure Vulnerability.	2022-10-11	5.3	CVE-2022-41043 MISC
microsoft — storsimple_8010_firmware	StorSimple 8000 Series Elevation of Privilege Vulnerability.	2022-10-11	6.8	CVE-2022-38017 MISC
microsoft — windows_10	Windows NTLM Spoofing Vulnerability.	2022-10-11	6.5	CVE-2022-35770 MISC
microsoft — windows_10	Windows Mixed Reality Developer Tools Information Disclosure Vulnerability.	2022-10-11	6.5	CVE-2022-37974 MISC
microsoft — windows_10	Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability.	2022-10-11	6.5	CVE-2022-37977 MISC
microsoft — windows_10	Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability.	2022-10-11	5.9	CVE-2022-37965 MISC
microsoft — windows_10	Windows Graphics Component Information Disclosure Vulnerability.	2022-10-11	5.5	CVE-2022-37985 MISC
microsoft — windows_10	Windows Event Logging Service Denial of Service Vulnerability.	2022-10-11	4.3	CVE-2022-37981 MISC
microsoft — windows_server_2008	Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability.	2022-10-11	6.8	CVE-2022-38032 MISC
microsoft — windows_server_2008	Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability.	2022-10-11	6.5	CVE-2022-38033 MISC
microsoft — windows_server_2008	Windows DHCP Client Information Disclosure Vulnerability.	2022-10-11	5.5	CVE-2022-38026 MISC
microsoft — windows_server_2008	Windows Security Support Provider Interface Information Disclosure Vulnerability.	2022-10-11	5.3	CVE-2022-38043 MISC
microsoft — windows_server_2012	Windows Kernel Memory Information Disclosure Vulnerability.	2022-10-11	5.5	CVE-2022-37996 MISC
microsoft — windows_server_2019	Windows USB Serial Driver Information Disclosure Vulnerability.	2022-10-11	4.3	CVE-2022-38030 MISC
microsoft — windows_server_2022	Windows Distributed File System (DFS) Information Disclosure Vulnerability.	2022-10-11	5.5	CVE-2022-38025 MISC
misp-project — malware_information_sharing_platform	app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).	2022-10-10	4.3	CVE-2022-42724 MISC
octopus — octopus_server	In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability	2022-10-13	6.5	CVE-2022-2828 MISC
octopus — octopus_server	In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.	2022-10-12	5.3	CVE-2022-2720 MISC
online_birth_certificate_management_system_project — online_birth_certificate_management_system	Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability.	2022-10-14	5.4	CVE-2022-42069 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567.	2022-10-14	6.5	CVE-2022-35040 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f.	2022-10-14	6.5	CVE-2022-35041 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11.	2022-10-14	6.5	CVE-2022-35042 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6.	2022-10-14	6.5	CVE-2022-35043 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087.	2022-10-14	6.5	CVE-2022-35044 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63.	2022-10-14	6.5	CVE-2022-35045 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466.	2022-10-14	6.5	CVE-2022-35046 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa.	2022-10-14	6.5	CVE-2022-35047 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c.	2022-10-14	6.5	CVE-2022-35048 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5.	2022-10-14	6.5	CVE-2022-35049 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de.	2022-10-14	6.5	CVE-2022-35050 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af.	2022-10-14	6.5	CVE-2022-35051 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1.	2022-10-14	6.5	CVE-2022-35052 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f.	2022-10-14	6.5	CVE-2022-35053 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2.	2022-10-14	6.5	CVE-2022-35054 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473.	2022-10-14	6.5	CVE-2022-35055 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478.	2022-10-14	6.5	CVE-2022-35056 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce.	2022-10-14	6.5	CVE-2022-35058 MISC MISC
otfcc_project — otfcc	OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414.	2022-10-14	6.5	CVE-2022-35059 MISC MISC
pencidesign — soledad	The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],…} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.	2022-10-10	6.1	CVE-2022-3209 MISC
picuploader_project — picuploader	PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php.	2022-10-07	6.1	CVE-2022-41442 MISC MISC
premium-themes — cryptocurrency_pricing_list_and_ticker	The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue	2022-10-10	6.1	CVE-2021-25044 MISC
projectworlds — online_examination_system	Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.	2022-10-14	6.1	CVE-2022-42066 MISC MISC
puppycms — puppycms	A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699.	2022-10-12	6.1	CVE-2022-3464 N/A
purchase_order_management_system_project — purchase_order_management_system	A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832.	2022-10-14	5.4	CVE-2022-3503 MISC MISC
resiot — iot_platform_and_lorawan_network_server	Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.	2022-10-13	5.4	CVE-2022-34021 MISC
resmush.it — resmush.it_image_optimizer	The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed.	2022-10-10	4.8	CVE-2022-2448 MISC
rpcms — rpcms	RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.	2022-10-13	6.5	CVE-2022-41474 MISC
rpcms — rpcms	RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.	2022-10-13	6.1	CVE-2022-41473 MISC
samsung — account	Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.	2022-10-07	5.5	CVE-2022-39874 MISC
samsung — account	Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.	2022-10-07	4.7	CVE-2022-39863 MISC
samsung — account	Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.	2022-10-07	4.4	CVE-2022-39875 MISC
samsung — checkout	Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.	2022-10-07	5.5	CVE-2022-39878 MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-39807 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41166 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41169 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41171 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41173 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41174 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41176 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41178 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41181 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41182 MISC MISC
sap — 3d_visual_enterprise_author	Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.	2022-10-11	5.5	CVE-2022-41183 MISC MISC
sap — business_objects_business_intelligence_platform	Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.	2022-10-11	6.5	CVE-2022-39015 MISC MISC
sap — businessobjects_business_intelligence	SAP BusinessObjects BI LaunchPad – versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.	2022-10-11	6.1	CVE-2022-39800 MISC MISC
sap — businessobjects_business_intelligence	SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) – versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application.	2022-10-11	5.4	CVE-2022-41206 MISC MISC
sap — businessobjects_business_intelligence	Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.	2022-10-11	4.9	CVE-2022-35296 MISC MISC
sap — customer_data_cloud	SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.	2022-10-11	5.2	CVE-2022-41209 MISC MISC
sap — customer_data_cloud	SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.	2022-10-11	5.2	CVE-2022-41210 MISC MISC
sap — data_services	SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application’s immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.	2022-10-11	6.1	CVE-2022-35226 MISC MISC
sap — enable_now	The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.	2022-10-11	5.4	CVE-2022-35297 MISC MISC
shortpixel — enable_media_replace	The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example	2022-10-10	4.9	CVE-2022-2554 MISC
siemens — desigo_pxm30-1_firmware	A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the “Operation” web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device.	2022-10-11	5.7	CVE-2022-40177 MISC
siemens — desigo_pxm30-1_firmware	A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files“ functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code.	2022-10-11	5.4	CVE-2022-40178 MISC
siemens — desigo_pxm30-1_firmware	A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the “Import Files“ functionality of the “Operation” web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged-in to the device web application.	2022-10-11	5.3	CVE-2022-40180 MISC
siemens — logo\!_8_bm_firmware	A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory.	2022-10-11	5.3	CVE-2022-36363 MISC
siemens — scalance_x200-4p_irt_firmware	A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking.	2022-10-11	6.1	CVE-2022-40631 MISC
simplefilelist — simple-file-list	The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it’s content via a CSRF attack.	2022-10-10	6.5	CVE-2022-3208 MISC
simplefilelist — simple-file-list	The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-10-10	4.8	CVE-2022-3207 MISC
solarwinds — network_configuration_manager	An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.	2022-10-10	6.5	CVE-2021-35226 MISC
student_clearance_system_project — student_clearance_system	A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form.	2022-10-11	5.4	CVE-2022-42235 MISC
swftools — swftools	SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c.	2022-10-13	5.5	CVE-2022-35080 MISC MISC
swftools — swftools	SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c.	2022-10-13	5.5	CVE-2022-35081 MISC MISC
taskbuilder — taskbuilder	The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task’s attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file	2022-10-10	5.4	CVE-2022-3137 MISC
tenda — ac1206_firmware	Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.	2022-10-12	6.5	CVE-2022-42077 MISC
tenda — ac1206_firmware	Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.	2022-10-12	6.5	CVE-2022-42078 MISC
tenda — ax1803_firmware	Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.	2022-10-12	6.5	CVE-2022-42086 MISC
tenda — ax1803_firmware	Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.	2022-10-12	6.5	CVE-2022-42087 MISC
tiny-csrf_project — tiny-csrf	tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.	2022-10-07	6.5	CVE-2022-39287 CONFIRM MISC
totaljs — total.js	A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.	2022-10-07	5.4	CVE-2022-41392 MISC MISC MISC
trendmicro — apex_one	A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product’s anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.	2022-10-10	6.7	CVE-2022-41748 MISC
vanderbilt — redcap	A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.	2022-10-12	6.1	CVE-2022-42715 MISC MISC MISC
vmware — esxi	VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.	2022-10-07	6.5	CVE-2022-31681 MISC
vmware — vrealize_operations	VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.	2022-10-11	4.9	CVE-2022-31682 MISC
web-based_student_clearance_system_project — web-based_student_clearance_system	A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356.	2022-10-08	5.4	CVE-2022-3434 N/A N/A
webgilde — advanced_comment_form	The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.	2022-10-10	4.8	CVE-2022-3220 MISC
wpchill — download_monitor	The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.	2022-10-10	4.9	CVE-2022-2981 MISC
wpdarko — top_bar	The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-10-10	4.8	CVE-2022-2629 MISC
wpsocialrocket — social_rocket	The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-10-10	4.8	CVE-2022-3136 MISC
wpwhitesecurity — wp_2fa	The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don’t mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.	2022-10-10	5.9	CVE-2022-2891 MISC
xen — xapi	XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors.	2022-10-11	5.3	CVE-2022-33749 MISC CONFIRM MLIST
xen — xen	P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.	2022-10-11	6.5	CVE-2022-33746 MISC CONFIRM MLIST
xen — xen	lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.	2022-10-11	5.6	CVE-2022-33748 MISC CONFIRM MLIST
zimbra — collaboration	An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.	2022-10-12	6.1	CVE-2022-41348 MISC MISC
zimbra — collaboration	In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine.	2022-10-12	6.1	CVE-2022-41349 MISC MISC
zimbra — collaboration	In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine.	2022-10-12	6.1	CVE-2022-41350 MISC MISC
zimbra — collaboration	In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).	2022-10-12	6.1	CVE-2022-41351 MISC MISC
zoneminder — zoneminder	ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.	2022-10-07	6.5	CVE-2022-39290 CONFIRM MISC
zoneminder — zoneminder	ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current “tr” “td” brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the “view=log” page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.	2022-10-07	5.4	CVE-2022-39285 MISC MISC CONFIRM
zoneminder — zoneminder	ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with “View” system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the “/zm/index.php” endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.	2022-10-07	5.4	CVE-2022-39291 MISC MISC MISC CONFIRM MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
google — android	Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.	2022-10-07	3.3	CVE-2022-36868 MISC
google — android	Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission.	2022-10-07	3.3	CVE-2022-39851 MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41592 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41593 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41594 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41595 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41597 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41598 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41600 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41601 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41602 MISC MISC
huawei — harmonyos	The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.	2022-10-14	3.4	CVE-2022-41603 MISC MISC
microsoft — windows_server_2008	Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039.	2022-10-11	3.3	CVE-2022-38022 MISC
samsung — factorycamera	Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.	2022-10-07	3.3	CVE-2022-39861 MISC
samsung — quick_share	Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.	2022-10-07	3.5	CVE-2022-39860 MISC
samsung — reminder	Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.	2022-10-07	3.3	CVE-2022-39876 MISC
samsung — sharelive	Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.	2022-10-07	3.3	CVE-2022-39872 MISC
xen — xen	Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest’s P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.	2022-10-11	3.8	CVE-2022-33747 MISC CONFIRM MLIST

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
389-ds-base — 389-ds-base	A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.	2022-10-14	not yet calculated	CVE-2022-2850 MISC MISC
adobe — coldfusion	Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.	2022-10-14	not yet calculated	CVE-2022-35690 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	not yet calculated	CVE-2022-38444 MISC
adobe — dimension	Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2022-10-14	not yet calculated	CVE-2022-38445 MISC
apache — apache_commons_text	Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: – “script” – execute expressions using the JVM script execution engine (javax.script) – “dns” – resolve dns records – “url” – load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.	2022-10-13	not yet calculated	CVE-2022-42889 CONFIRM MLIST
apache — kylin	Kylin’s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “– conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.	2022-10-13	not yet calculated	CVE-2022-24697 CONFIRM
atlassian — jira	The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.	2022-10-14	not yet calculated	CVE-2022-36802 MISC
atlassian — jira	The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.	2022-10-14	not yet calculated	CVE-2022-36803 MISC
autodesk — design_review	A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.	2022-10-14	not yet calculated	CVE-2022-41306 MISC
autodesk — fbx_sdk	An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.	2022-10-14	not yet calculated	CVE-2022-41302 MISC
autodesk — fbx_sdk	A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.	2022-10-14	not yet calculated	CVE-2022-41303 MISC
autodesk — fbx_sdk	An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.	2022-10-14	not yet calculated	CVE-2022-41304 MISC
autodesk — subassembly_composer	A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.	2022-10-14	not yet calculated	CVE-2022-41305 MISC
autodesk — subassembly_composer	A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.	2022-10-14	not yet calculated	CVE-2022-41307 MISC
autodesk — subassembly_composer	A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.	2022-10-14	not yet calculated	CVE-2022-41308 MISC
d-link_covr — d-link_covr	D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.	2022-10-13	not yet calculated	CVE-2022-42159 MISC MISC
d-link_covr — d-link_covr	D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.	2022-10-13	not yet calculated	CVE-2022-42161 MISC MISC
d-link_covr — d-link_covr	D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.	2022-10-13	not yet calculated	CVE-2022-42156 MISC MISC
d-link_covr — d-link_covr	D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.	2022-10-13	not yet calculated	CVE-2022-42160 MISC MISC
gitee — openharmony	OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.	2022-10-14	not yet calculated	CVE-2022-42464 MISC
gitee — openharmony	OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.	2022-10-14	not yet calculated	CVE-2022-42488 MISC
gitee — openharmony	OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.	2022-10-14	not yet calculated	CVE-2022-41686 MISC
gitee — openharmony	OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.	2022-10-14	not yet calculated	CVE-2022-42463 MISC
go — parseacceptlanguage	An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.	2022-10-14	not yet calculated	CVE-2022-32149 MISC MISC MISC MISC
go — reader.read	Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.	2022-10-14	not yet calculated	CVE-2022-2879 MISC MISC MISC MISC
go — reverseproxy	Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request’s Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.	2022-10-14	not yet calculated	CVE-2022-2880 MISC MISC MISC MISC
gocd — gocd	GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the “Access Token Management” admin function.	2022-10-14	not yet calculated	CVE-2022-39308 MISC MISC MISC CONFIRM
gocd — gocd	GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds.	2022-10-14	not yet calculated	CVE-2022-39311 CONFIRM MISC MISC
gocd — gocd	GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds.	2022-10-14	not yet calculated	CVE-2022-39309 MISC MISC CONFIRM MISC
gocd — gocd	GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds.	2022-10-14	not yet calculated	CVE-2022-39310 MISC MISC CONFIRM
grafana — grafana	Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user’s Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.	2022-10-13	not yet calculated	CVE-2022-39201 CONFIRM MISC MISC MISC
grafana — grafana	Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user’s login attempt by registering someone else’e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`’s password won’t match with `user_2`’s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.	2022-10-13	not yet calculated	CVE-2022-39229 MISC MISC CONFIRM
huawei — harmonyos	The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data.	2022-10-14	not yet calculated	CVE-2022-38977 MISC
huawei — harmonyos	The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.	2022-10-14	not yet calculated	CVE-2022-38980 MISC
huawei — harmonyos	The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.	2022-10-14	not yet calculated	CVE-2022-38981 MISC
huawei — harmonyos	The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.	2022-10-14	not yet calculated	CVE-2022-38982 MISC
huawei — harmonyos	The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.	2022-10-14	not yet calculated	CVE-2022-38983 MISC MISC
huawei — harmonyos	The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.	2022-10-14	not yet calculated	CVE-2022-38984 MISC MISC
huawei — harmonyos	The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.	2022-10-14	not yet calculated	CVE-2022-38985 MISC MISC
huawei — harmonyos	The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.	2022-10-14	not yet calculated	CVE-2022-38986 MISC MISC
huawei — harmonyos	The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.	2022-10-14	not yet calculated	CVE-2022-39011 MISC MISC
huawei — harmonyos	The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.	2022-10-14	not yet calculated	CVE-2021-46839 MISC MISC
huawei — harmonyos	The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.	2022-10-14	not yet calculated	CVE-2021-46840 MISC MISC
huawei — harmonyos	The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.	2022-10-14	not yet calculated	CVE-2022-38998 MISC MISC
huawei — emui/magic_ui	The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.	2022-10-14	not yet calculated	CVE-2022-41578 MISC MISC
huawei — emui/magic_ui	The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.	2022-10-14	not yet calculated	CVE-2022-41580 MISC MISC
huawei — emui/magic_ui	The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.	2022-10-14	not yet calculated	CVE-2022-41583 MISC MISC
huawei — emui/magic_ui	The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.	2022-10-14	not yet calculated	CVE-2022-41584 MISC MISC
huawei — emui/magic_ui	The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.	2022-10-14	not yet calculated	CVE-2022-41585 MISC MISC
huawei — emui/magic_ui	The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.	2022-10-14	not yet calculated	CVE-2022-41586 MISC MISC
huawei — emui/magic_ui	Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.	2022-10-14	not yet calculated	CVE-2022-41587 MISC
huawei — emui/magic_ui	The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.	2022-10-14	not yet calculated	CVE-2022-41588 MISC MISC
huawei — emui/magic_ui	The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.	2022-10-14	not yet calculated	CVE-2022-41589 MISC MISC
huawei — emui/magic_ui	The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.	2022-10-14	not yet calculated	CVE-2022-41581 MISC MISC
huawei — emui/magic_ui	The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.	2022-10-14	not yet calculated	CVE-2022-41582 MISC MISC
ikea — tradfri_smart_lights	An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H	2022-10-14	not yet calculated	CVE-2022-39064 MISC
ikea — tradfri_smart_lights	A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2022-10-14	not yet calculated	CVE-2022-39065 MISC
istio — istiod	Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.	2022-10-13	not yet calculated	CVE-2022-39278 MISC CONFIRM MISC MISC
jasper — jasper	A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.	2022-10-14	not yet calculated	CVE-2022-2963 MISC MISC MISC
liferay — digital_experience_platform	A Cross-site scripting (XSS) vulnerability in the Blog module – add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.	2022-10-13	not yet calculated	CVE-2022-38902 MISC MISC MISC
linux — linux_kernel	Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.	2022-10-14	not yet calculated	CVE-2022-42720 MISC MISC MISC FEDORA FEDORA
linux — linux_kernel	A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.	2022-10-14	not yet calculated	CVE-2022-42721 MISC MISC MISC FEDORA FEDORA
linux — linux_kernel	An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.	2022-10-14	not yet calculated	CVE-2022-41674 MISC MISC MISC MISC MISC FEDORA FEDORA
linux — linux_kernel	A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.	2022-10-13	not yet calculated	CVE-2022-42719 MISC MISC MISC MISC FEDORA FEDORA
linux — linux_kernel	In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.	2022-10-14	not yet calculated	CVE-2022-42722 MISC MISC MISC FEDORA FEDORA
microsoft — azure	Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a “if” branch, which check the expression of “(header_length – UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length” where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`).	2022-10-13	not yet calculated	CVE-2022-39293 MISC CONFIRM
mikrotik — routeros	The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.	2022-10-15	not yet calculated	CVE-2017-20149 MISC MISC
multiple_vendors — multiple_products	Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.	2022-10-14	not yet calculated	CVE-2022-41715 MISC MISC MISC MISC
nss — nss	A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.	2022-10-14	not yet calculated	CVE-2022-3479 MISC MISC
october — october	October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the “Editor” section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.	2022-10-13	not yet calculated	CVE-2022-35944 CONFIRM
octopus_deploy — server	In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.	2022-10-14	not yet calculated	CVE-2022-2780 MISC
oxhoo_tp50 — oxhoo_tp50	An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html.	2022-10-14	not yet calculated	CVE-2022-41436 MISC
perfact — openvpn-client	An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.	2022-10-14	not yet calculated	CVE-2021-27406 CONFIRM
ree6 — ree6	Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as “Better-Audit-Logging” which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.	2022-10-14	not yet calculated	CVE-2022-39302 CONFIRM MISC
resistiot — iot_platform_+_lowrawan_network_server	SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.	2022-10-13	not yet calculated	CVE-2022-34022 MISC
simple_cold_storage_management_system — simple_cold_storage_management_system	Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage.	2022-10-14	not yet calculated	CVE-2022-42232 MISC
sourcecodester — online_birth_certificate_management_system	Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability	2022-10-14	not yet calculated	CVE-2022-42067 MISC MISC
sourcecodester — online_birth_certificate_management_system	Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF).	2022-10-14	not yet calculated	CVE-2022-42070 MISC MISC
sourcecodester — online_birth_certificate_management_system	Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.	2022-10-14	not yet calculated	CVE-2022-42071 MISC MISC
sourcecodester — online_tours_&_travels_management_system	Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php.	2022-10-14	not yet calculated	CVE-2022-41416 MISC
sourcecodester — sacco_management_system	Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php.	2022-10-14	not yet calculated	CVE-2022-41535 MISC
sourcecodester — sacco_management_system	Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php.	2022-10-14	not yet calculated	CVE-2022-41536 MISC
sourcecodester — sanitization_management_system	A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015.	2022-10-15	not yet calculated	CVE-2022-3519 MISC
sourcecodester — sanitization_management_system	A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability.	2022-10-15	not yet calculated	CVE-2022-3518 MISC
sourcecodester — sanitization_management_system	A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839.	2022-10-14	not yet calculated	CVE-2022-3504 N/A N/A
sourcecodester — sanitization_management_system	A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840.	2022-10-14	not yet calculated	CVE-2022-3505 N/A N/A
sourcecodester — wedding_planner	Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.	2022-10-14	not yet calculated	CVE-2022-41538 MISC
sourcecodester — wedding_planner	Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.	2022-10-14	not yet calculated	CVE-2022-41539 MISC
tenda — ac1200	Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.	2022-10-13	not yet calculated	CVE-2022-41480 MISC MISC
tenda — ac1200	Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.	2022-10-13	not yet calculated	CVE-2022-41481 MISC MISC
tenda — ac1200	Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.	2022-10-13	not yet calculated	CVE-2022-41483 MISC MISC
tenda — ac1200	Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.	2022-10-13	not yet calculated	CVE-2022-41485 MISC MISC
tenda — ac1200	Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.	2022-10-13	not yet calculated	CVE-2022-41482 MISC MISC
tenda — ac1900	Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.	2022-10-13	not yet calculated	CVE-2022-41484 MISC MISC
triangle_microworks — multiple_products	The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.	2022-10-11	not yet calculated	CVE-2022-38138 MISC
ucms — ucms	There is a file inclusion vulnerability in the template management module in UCMS 1.6	2022-10-14	not yet calculated	CVE-2022-42234 MISC
unisoc — multiple_products	In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-38671 MISC
unisoc — multiple_products	In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-38690 MISC
unisoc — multiple_products	In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38677 MISC
unisoc — multiple_products	In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-38673 MISC
unisoc — multiple_products	In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-38672 MISC
unisoc — multiple_products	In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-38676 MISC
unisoc — multiple_products	In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-2984 MISC
unisoc — multiple_products	In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38687 MISC
unisoc — multiple_products	In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38697 MISC
unisoc — multiple_products	In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38698 MISC
unisoc — multiple_products	In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39080 MISC
unisoc — multiple_products	In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39103 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39105 MISC
unisoc — multiple_products	In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39107 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39109 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39111 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39112 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39113 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39114 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39115 MISC
unisoc — multiple_products	In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39117 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39120 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39121 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39122 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39123 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39124 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39125 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39126 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39127 MISC
unisoc — multiple_products	In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.	2022-10-14	not yet calculated	CVE-2022-39128 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39108 MISC
unisoc — multiple_products	In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-39110 MISC
unisoc — multiple_products	In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-2985 MISC
unisoc — multiple_products	In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38679 MISC
unisoc — multiple_products	In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38670 MISC
unisoc — multiple_products	In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38669 MISC
unisoc — multiple_products	In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38688 MISC
unisoc — multiple_products	In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.	2022-10-14	not yet calculated	CVE-2022-38689 MISC
webid — webid	A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.	2022-10-14	not yet calculated	CVE-2022-41477 MISC
webpack — loader-utils	A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.	2022-10-14	not yet calculated	CVE-2022-37603 MISC MISC MISC
wolfssl — wolfssl	An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)	2022-10-15	not yet calculated	CVE-2022-42961 MISC
wordpress — wordpress	Cross-site Scripting (XSS) – Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.	2022-10-14	not yet calculated	CVE-2022-3506 CONFIRM MISC
wordpress — wordpress	Sensitive Data Exposure in Villatheme ALD – AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.	2022-10-14	not yet calculated	CVE-2022-41623 CONFIRM CONFIRM
zoom — client_for_meetings	Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.	2022-10-14	not yet calculated	CVE-2022-28762 MISC
zoom — on-premise_meeting_connector_mmr	Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.	2022-10-14	not yet calculated	CVE-2022-28761 MISC
zoom — on-premise_meeting_connector_mmr	Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.	2022-10-14	not yet calculated	CVE-2022-28759 MISC
zoom — on-premise_meeting_connector_mmr	Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.	2022-10-14	not yet calculated	CVE-2022-28760 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

To keep up to date follow us on the below channels.

US-CERT Bulletin (SB22-290):Vulnerability Summary for the Week of October 10, 2022

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

[BIANLIAN] – Ransomware Victim: Silverback Exploration

[FOG] – Ransomware Victim: Fifteenfortyseven Critical Systems Realty (1547realty[.]com)

[BIANLIAN] – Ransomware Victim: Kellerhals Ferguson Kroblin PLLC

[FOG] – Ransomware Victim: Hogan Mfg (hoganmfg[.]com)

[QILIN] – Ransomware Victim: DMF Lighting

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

You may have missed

[BIANLIAN] – Ransomware Victim: Silverback Exploration

[FOG] – Ransomware Victim: Fifteenfortyseven Critical Systems Realty (1547realty[.]com)

[BIANLIAN] – Ransomware Victim: Kellerhals Ferguson Kroblin PLLC

[FOG] – Ransomware Victim: Hogan Mfg (hoganmfg[.]com)

[QILIN] – Ransomware Victim: DMF Lighting