US-CERT Bulletin (SB22-290): Vulnerability Summary for the Week of October 10, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat_reader | Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-42339 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-38450 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. | 2022-10-14 | 7.5 | CVE-2022-38420 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. | 2022-10-14 | 7.5 | CVE-2022-38422 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | 2022-10-14 | 7.5 | CVE-2022-42340 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | 2022-10-14 | 7.5 | CVE-2022-42341 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction; the vulnerability is triggered when a crafted network packet is sent to the server. | 2022-10-14 | 9.8 | CVE-2022-35710 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction; the vulnerability is triggered when a crafted network packet is sent to the server. | 2022-10-14 | 9.8 | CVE-2022-35711 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction; the vulnerability is triggered when a crafted network packet is sent to the server. | 2022-10-14 | 9.8 | CVE-2022-35712 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | 2022-10-14 | 9.8 | CVE-2022-38418 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. | 2022-10-14 | 7.2 | CVE-2022-38421 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. | 2022-10-14 | 7.2 | CVE-2022-38424 MISC |
adobe — commerce | Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | 2022-10-14 | 10 | CVE-2022-35698 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-38440 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-38442 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-38446 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-38441 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-38447 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 7.8 | CVE-2022-38448 MISC |
apache — shiro | Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | 2022-10-12 | 9.8 | CVE-2022-40664 CONFIRM MLIST MLIST MLIST |
arraynetworks — arrayos_ag | Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. | 2022-10-13 | 9.8 | CVE-2022-42897 MISC MISC |
arubanetworks — instant | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | 2022-10-07 | 9.8 | CVE-2022-37885 MISC |
arubanetworks — instant | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | 2022-10-07 | 9.8 | CVE-2022-37886 MISC |
arubanetworks — instant | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | 2022-10-07 | 9.8 | CVE-2022-37887 MISC |
arubanetworks — instant | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | 2022-10-07 | 9.8 | CVE-2022-37889 MISC |
arubanetworks — instant | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | 2022-10-07 | 9.8 | CVE-2022-37890 MISC |
arubanetworks — instant | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | 2022-10-07 | 9.8 | CVE-2022-37891 MISC |
arubanetworks — instant | An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | 7.8 | CVE-2022-37893 MISC |
autodesk — revit | A maliciously crafted TIF, PICT, TGA, or RLC file in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 2022-10-07 | 7.8 | CVE-2021-40162 MISC |
autodesk — revit | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. | 2022-10-07 | 7.8 | CVE-2021-40163 MISC |
autodesk — revit | A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 2022-10-07 | 7.8 | CVE-2021-40164 MISC |
autodesk — revit | A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 2022-10-07 | 7.8 | CVE-2021-40165 MISC |
autodesk — revit | A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing it. This vulnerability may be exploited by attackers to execute arbitrary code. | 2022-10-07 | 7.8 | CVE-2021-40166 MISC |
bentley — microstation | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | 2022-10-13 | 7.8 | CVE-2022-42899 MISC |
bentley — microstation | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | 2022-10-13 | 7.8 | CVE-2022-42900 MISC |
bentley — microstation | Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | 2022-10-13 | 7.8 | CVE-2022-42901 MISC |
boodskap — iot_platform | Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. | 2022-10-13 | 8.8 | CVE-2022-35135 MISC |
browserify-shim_project — browserify-shim | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. | 2022-10-11 | 9.8 | CVE-2022-37617 MISC MISC MISC |
cassianetworks — access_controller | An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1. | 2022-10-14 | 7.5 | CVE-2021-22685 CONFIRM CONFIRM |
church_management_system_project — church_management_system | An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-12 | 7.2 | CVE-2022-41406 MISC |
cisco — ios | A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload. | 2022-10-10 | 7.7 | CVE-2022-20920 CISCO |
cisco — ios_xe | A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic. | 2022-10-10 | 8.6 | CVE-2022-20837 CISCO |
cisco — ios_xe | A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-10-10 | 8.6 | CVE-2022-20870 CISCO |
cisco — ios_xe | A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition. | 2022-10-10 | 7.4 | CVE-2022-20915 CISCO |
clippercms — clippercms | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | 2022-10-13 | 9.8 | CVE-2022-41495 MISC |
clippercms — clippercms | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | 2022-10-13 | 9.8 | CVE-2022-41497 MISC |
dedecms — dedecms | DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | 2022-10-12 | 7.2 | CVE-2022-40921 MISC |
dell — alienware_area-51_r5_firmware | Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-12 | 7.8 | CVE-2022-34390 MISC |
dell — alienware_area-51_r5_firmware | Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-12 | 7.8 | CVE-2022-34391 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-12 | 7.8 | CVE-2022-32485 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-12 | 7.8 | CVE-2022-32487 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-12 | 7.8 | CVE-2022-32488 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-12 | 7.8 | CVE-2022-32489 MISC |
dell — alienware_area_51m_r1_firmware | Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. | 2022-10-12 | 7.8 | CVE-2022-32491 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains a Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-12 | 7.8 | CVE-2022-32493 MISC |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-11 | 8.8 | CVE-2022-32486 MISC |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-10-11 | 8.8 | CVE-2022-32492 MISC |
dell — container_storage_modules | Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to a path outside of the restricted directory. | 2022-10-11 | 8.8 | CVE-2022-34426 MISC |
dell — container_storage_modules | Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution. | 2022-10-11 | 8.8 | CVE-2022-34427 MISC |
dell — enterprise_sonic_distribution | Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 2022-10-10 | 7.5 | CVE-2022-34425 MISC |
dell — geodrive | Dell GeoDrive, versions 2.1 – 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information. | 2022-10-12 | 7.8 | CVE-2022-33919 MISC |
dell — geodrive | Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | 2022-10-12 | 7.8 | CVE-2022-33920 MISC |
dell — geodrive | Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | 2022-10-12 | 7.8 | CVE-2022-33921 MISC |
dell — geodrive | Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends that customers upgrade at the earliest opportunity. | 2022-10-12 | 7.8 | CVE-2022-33922 MISC |
dell — geodrive | Dell GeoDrive, Versions 1.0 – 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM. | 2022-10-12 | 7.1 | CVE-2022-33937 MISC |
dell — hybrid_client | Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. | 2022-10-11 | 8.2 | CVE-2022-34432 MISC |
dell — hybrid_client | Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 2022-10-11 | 7.5 | CVE-2022-34430 MISC |
dell — xtremio_management_server | Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. | 2022-10-12 | 9.8 | CVE-2022-31228 MISC |
democritus — d8s-algorithms | The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42040 MISC MISC MISC |
democritus — d8s-archives | The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41383 MISC MISC MISC |
democritus — d8s-asns | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42037 MISC MISC MISC |
democritus — d8s-asns | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42044 MISC MISC MISC |
democritus — d8s-domains | The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41384 MISC MISC MISC |
democritus — d8s-file-system | The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42041 MISC MISC MISC |
democritus — d8s-html | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41385 MISC MISC MISC |
democritus — d8s-ip-addresses | The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42038 MISC MISC MISC |
democritus — d8s-json | The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41382 MISC MISC MISC |
democritus — d8s-lists | The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42039 MISC MISC MISC |
democritus — d8s-networking | The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42042 MISC MISC MISC |
democritus — d8s-pdfs | The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41387 MISC MISC MISC |
democritus — d8s-urls | The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42036 MISC MISC MISC |
democritus — d8s-utility | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41381 MISC MISC MISC |
democritus — d8s-utility | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41386 MISC MISC MISC |
democritus — d8s-xml | The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-42043 MISC MISC MISC |
democritus — d8s-yaml | The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | 2022-10-11 | 9.8 | CVE-2022-41380 MISC MISC MISC |
django-mfa2_project — django-mfa2 | mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage. | 2022-10-11 | 7.5 | CVE-2022-42731 MISC MISC MISC |
dolibarr — dolibarr_erp/crm | Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval. | 2022-10-12 | 9.8 | CVE-2022-40871 MISC |
dotpdn — paint.net | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). | 2022-10-12 | 9.8 | CVE-2018-18446 MISC MISC MISC |
dotpdn — paint.net | dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). | 2022-10-12 | 9.8 | CVE-2018-18447 MISC MISC MISC |
dropbear_ssh_project — dropbear_ssh | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. | 2022-10-12 | 7.5 | CVE-2021-36369 MISC MISC MISC |
f-secure — elements_endpoint_protection | Multiple Denial-of-Service (DoS) vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. | 2022-10-12 | 7.5 | CVE-2022-28887 MISC MISC |
facebook — hermes | An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 2022-10-11 | 9.8 | CVE-2022-32234 CONFIRM CONFIRM |
facebook — hermes | A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 2022-10-11 | 9.8 | CVE-2022-35289 CONFIRM CONFIRM |
facebook — hermes | An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | 2022-10-11 | 9.8 | CVE-2022-40138 CONFIRM CONFIRM |
fastify — fastify | fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers. | 2022-10-10 | 7.5 | CVE-2022-39288 CONFIRM MISC MISC |
foresightsports — gc3_launch_monitor_firmware | Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. | 2022-10-13 | 8 | CVE-2022-40187 MISC MISC MISC MISC |
fortinet — fortios | An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. | 2022-10-10 | 8 | CVE-2021-44171 CONFIRM |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. | 2022-10-12 | 7.5 | CVE-2022-39282 MISC CONFIRM |
freerdp — freerdp | FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. | 2022-10-12 | 7.5 | CVE-2022-39283 MISC CONFIRM |
gh-pages_project — gh-pages | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. | 2022-10-12 | 9.8 | CVE-2022-37611 MISC MISC MISC |
gogs — gogs | In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | 2022-10-11 | 9 | CVE-2022-32174 MISC MISC |
google — android | In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-220741473 | 2022-10-11 | 8.8 | CVE-2022-20429 MISC |
google — android | In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-242345178 | 2022-10-14 | 7.8 | CVE-2021-0699 MISC |
google — android | In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-242345085 | 2022-10-11 | 7.8 | CVE-2021-0951 MISC |
google — android | In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-223086933; References: N/A | 2022-10-14 | 7.8 | CVE-2022-20397 MISC |
google — android | In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-231322873 | 2022-10-11 | 7.8 | CVE-2022-20415 MISC |
google — android | In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L Android-13; Android ID: A-237717857 | 2022-10-11 | 7.8 | CVE-2022-20416 MISC |
google — android | In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L Android-13; Android ID: A-237288416 | 2022-10-11 | 7.8 | CVE-2022-20417 MISC |
google — android | In setOptions of ActivityRecord.java, there is a possible way to load arbitrary Java code into the launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L Android-13; Android ID: A-237290578 | 2022-10-11 | 7.8 | CVE-2022-20419 MISC |
google — android | In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-238377411 | 2022-10-11 | 7.8 | CVE-2022-20420 MISC |
google — android | In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-239630375; References: Upstream kernel | 2022-10-11 | 7.8 | CVE-2022-20421 MISC |
google — android | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android; Versions: Android SoC; Android ID: A-242221233 | 2022-10-11 | 7.8 | CVE-2022-20430 MISC |
google — android | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android; Versions: Android SoC; Android ID: A-242221238 | 2022-10-11 | 7.8 | CVE-2022-20431 MISC |
google — android | There is a missing authorization issue in the system service. The component does not have a permission check and permission protection, resulting in local elevation of privilege. Product: Android; Versions: Android SoC; Android ID: A-242221899 | 2022-10-11 | 7.8 | CVE-2022-20432 MISC |
google — android | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android; Versions: Android SoC; Android ID: A-242221901 | 2022-10-11 | 7.8 | CVE-2022-20433 MISC |
google — android | There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android; Versions: Android SoC; Android ID: A-242244028 | 2022-10-11 | 7.8 | CVE-2022-20434 MISC |
google — android | There is an unauthorized service in the system service, which may cause the system to reboot. The component does not have a permission check and permission protection, resulting in an EoP problem. Product: Android; Versions: Android SoC; Android ID: A-242248367 | 2022-10-11 | 7.8 | CVE-2022-20435 MISC |
google — android | There is an unauthorized service in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android; Versions: Android SoC; Android ID: A-242248369 | 2022-10-11 | 7.8 | CVE-2022-20436 MISC |
google — android | In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121. | 2022-10-07 | 7.8 | CVE-2022-26471 MISC |
google — android | In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. | 2022-10-07 | 7.8 | CVE-2022-26472 MISC |
google — android | A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. | 2022-10-07 | 7.8 | CVE-2022-39852 MISC |
google — android | A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | 2022-10-07 | 7.8 | CVE-2022-39853 MISC |
google — android | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-205570663 | 2022-10-11 | 7.5 | CVE-2022-20410 MISC |
google — android | In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L Android-13; Android ID: A-231986464 | 2022-10-11 | 7.5 | CVE-2022-20418 MISC |
google — android | In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600. | 2022-10-07 | 7.5 | CVE-2022-32589 MISC |
google — android | In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. | 2022-10-07 | 7.5 | CVE-2022-32591 MISC |
google — android | In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-242344778 | 2022-10-11 | 7 | CVE-2021-0696 MISC |
google — android | In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-237540956; References: Upstream kernel | 2022-10-11 | 7 | CVE-2022-20422 MISC |
google — protobuf-java | A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | 2022-10-12 | 7.5 | CVE-2022-3171 CONFIRM |
gradle — enterprise | An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. | 2022-10-07 | 7.5 | CVE-2022-41574 MISC MISC |
grafana — grafana | Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. | 2022-10-13 | 7.8 | CVE-2022-31123 CONFIRM MISC |
grafana — grafana | Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user’s Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. | 2022-10-13 | 7.5 | CVE-2022-31130 CONFIRM MISC MISC MISC |
grunt-karma_project — grunt-karma | Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. | 2022-10-14 | 9.8 | CVE-2022-37602 MISC MISC MISC |
hancom — hancom_office_2020 | A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability. | 2022-10-07 | 7.8 | CVE-2022-33896 MISC |
hashicorp — packer | An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. | 2022-10-11 | 7.8 | CVE-2022-42717 MISC MISC MISC |
huawei — harmonyos | The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. | 2022-10-14 | 7.8 | CVE-2022-41576 MISC MISC |
huawei — harmonyos | The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability. | 2022-10-14 | 7.1 | CVE-2022-41577 MISC MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. | 2022-10-12 | 9.8 | CVE-2022-3458 N/A |
human_resource_management_system_project — human_resource_management_system | A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772. | 2022-10-13 | 8.8 | CVE-2022-3492 MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. | 2022-10-14 | 8.8 | CVE-2022-3496 MISC |
idreamsoft — icms | iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | 2022-10-13 | 9.8 | CVE-2022-41496 MISC |
ikuai8 — ikuaios | iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. | 2022-10-12 | 8.8 | CVE-2022-40469 MISC MISC MISC |
ikus-soft — rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | 2022-10-14 | 9.8 | CVE-2022-3439 MISC CONFIRM |
ikus-soft — rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | 2022-10-13 | 9.8 | CVE-2022-3456 MISC CONFIRM |
ikus-soft — rdiffweb | Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. | 2022-10-13 | 9.8 | CVE-2022-3457 MISC CONFIRM |
ini4j_project — ini4j | An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 2022-10-11 | 7.5 | CVE-2022-41404 MISC |
interspire — email_marketer | Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php “create survey and submit survey” operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. | 2022-10-11 | 8.8 | CVE-2022-40777 MISC MISC |
isc — dhcp | In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option’s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | 2022-10-07 | 7.5 | CVE-2022-2928 CONFIRM MLIST FEDORA |
jflyfox — jfinal_cms | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | 2022-10-13 | 8.8 | CVE-2022-37208 MISC MISC |
jiusi — jiusi_oa | A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability. | 2022-10-12 | 9.8 | CVE-2022-3467 MISC MISC |
js-beautify_project — js-beautify | Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. | 2022-10-11 | 9.8 | CVE-2022-37609 MISC MISC MISC |
linaro — lava | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. | 2022-10-13 | 8.8 | CVE-2022-42902 MISC MISC |
linuxmint — warpinator | Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. | 2022-10-10 | 7.5 | CVE-2022-42725 MISC MISC MISC MISC |
mediabridgeproducts — mlwr-ac1200r_firmware | A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. | 2022-10-12 | 9.8 | CVE-2022-3465 N/A N/A |
melistechnology — melis-asset-manager | MelisAssetManager provides deliveries of Melis Platform’s assets located in every module’s public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only. | 2022-10-11 | 7.5 | CVE-2022-39296 CONFIRM MISC |
melistechnology — meliscms | MelisCms provides a full CMS for Melis Platform, including templating system, drag’n’drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. | 2022-10-12 | 9.8 | CVE-2022-39297 MISC CONFIRM |
melistechnology — meliscms | MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. | 2022-10-12 | 9.8 | CVE-2022-39298 MISC CONFIRM |
merchandise_online_store_project — merchandise_online_store | A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | 2022-10-11 | 8.8 | CVE-2022-42238 MISC |
mi — xiaomi | A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege. | 2022-10-11 | 9.8 | CVE-2020-14129 MISC |
mi — xiaomi | The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | 2022-10-11 | 9.8 | CVE-2020-14131 MISC |
microsoft — .net_core | NuGet Client Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-41032 MISC |
microsoft — azure_rtos_usbx | Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. The Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function, which may potentially be exploited to achieve remote code execution or denial of service. Setting the MAC address string descriptor length to `0` or `1` allows an attacker to introduce an integer underflow (string_length) followed by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved MAC address string descriptor length validation to check for unexpectedly small values may be used as a workaround. | 2022-10-10 | 9.8 | CVE-2022-36063 CONFIRM MISC MISC |
microsoft — azure_stack_edge | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. | 2022-10-11 | 10 | CVE-2022-37968 MISC |
microsoft — jupyter | Visual Studio Code Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-41083 MISC |
microsoft — malware_protection_engine | Microsoft Windows Defender Elevation of Privilege Vulnerability. | 2022-10-11 | 7.1 | CVE-2022-37971 MISC |
microsoft — office | Microsoft Office Remote Code Execution Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-38048 MISC |
microsoft — office | Microsoft Office Graphics Remote Code Execution Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-38049 MISC |
microsoft — office | Microsoft Word Remote Code Execution Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-41031 MISC |
microsoft — sharepoint_foundation | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41036, CVE-2022-41037, CVE-2022-41038. | 2022-10-11 | 8.8 | CVE-2022-38053 MISC |
microsoft — sharepoint_foundation | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41037, CVE-2022-41038. | 2022-10-11 | 8.8 | CVE-2022-41036 MISC |
microsoft — sharepoint_foundation | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41038. | 2022-10-11 | 8.8 | CVE-2022-41037 MISC |
microsoft — sharepoint_foundation | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41037. | 2022-10-11 | 8.8 | CVE-2022-41038 MISC |
microsoft — visual_studio_code | Visual Studio Code Remote Code Execution Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-41034 MISC |
microsoft — visual_studio_code | Visual Studio Code Information Disclosure Vulnerability. | 2022-10-11 | 7.4 | CVE-2022-41042 MISC |
microsoft — windows_10 | Windows Group Policy Elevation of Privilege Vulnerability. | 2022-10-11 | 8.8 | CVE-2022-37975 MISC |
microsoft — windows_10 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031. | 2022-10-11 | 8.8 | CVE-2022-37982 MISC |
microsoft — windows_10 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. | 2022-10-11 | 8.8 | CVE-2022-38016 MISC |
microsoft — windows_10 | Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998. | 2022-10-11 | 8.6 | CVE-2022-37973 MISC |
microsoft — windows_10 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | 2022-10-11 | 8.1 | CVE-2022-22035 MISC |
microsoft — windows_10 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | 2022-10-11 | 8.1 | CVE-2022-24504 MISC |
microsoft — windows_10 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | 2022-10-11 | 8.1 | CVE-2022-30198 MISC |
microsoft — windows_10 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | 2022-10-11 | 8.1 | CVE-2022-33634 MISC |
microsoft — windows_10 | Windows GDI+ Remote Code Execution Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-33635 MISC |
microsoft — windows_10 | Windows Hyper-V Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-37979 MISC |
microsoft — windows_10 | Windows DHCP Client Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-37980 MISC |
microsoft — windows_10 | Windows WLAN Service Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-37984 MISC |
microsoft — windows_10 | Windows Win32k Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-37986 MISC |
microsoft — windows_10 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | 2022-10-11 | 7.8 | CVE-2022-37995 MISC |
microsoft — windows_10 | Windows Resilient File System Elevation of Privilege. | 2022-10-11 | 7.8 | CVE-2022-38003 MISC |
microsoft — windows_10 | Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37973. | 2022-10-11 | 7.7 | CVE-2022-37998 MISC |
microsoft — windows_10 | Windows TCP/IP Driver Denial of Service Vulnerability. | 2022-10-11 | 7.5 | CVE-2022-33645 MISC |
microsoft — windows_10 | Windows CryptoAPI Spoofing Vulnerability. | 2022-10-11 | 7.5 | CVE-2022-34689 MISC |
microsoft — windows_10 | Windows Active Directory Certificate Services Security Feature Bypass. | 2022-10-11 | 7.5 | CVE-2022-37978 MISC |
microsoft — windows_server_2008 | Active Directory Certificate Services Elevation of Privilege Vulnerability. | 2022-10-11 | 8.8 | CVE-2022-37976 MISC |
microsoft — windows_server_2008 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982. | 2022-10-11 | 8.8 | CVE-2022-38031 MISC |
microsoft — windows_server_2008 | Windows Workstation Service Elevation of Privilege Vulnerability. | 2022-10-11 | 8.8 | CVE-2022-38034 MISC |
microsoft — windows_server_2008 | Microsoft ODBC Driver Remote Code Execution Vulnerability. | 2022-10-11 | 8.8 | CVE-2022-38040 MISC |
microsoft — windows_server_2008 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081. | 2022-10-11 | 8.1 | CVE-2022-38000 MISC |
microsoft — windows_server_2008 | Active Directory Domain Services Elevation of Privilege Vulnerability. | 2022-10-11 | 8.1 | CVE-2022-38042 MISC |
microsoft — windows_server_2008 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081. | 2022-10-11 | 8.1 | CVE-2022-38047 MISC |
microsoft — windows_server_2008 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047. | 2022-10-11 | 8.1 | CVE-2022-41081 MISC |
microsoft — windows_server_2008 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989. | 2022-10-11 | 7.8 | CVE-2022-37987 MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | 2022-10-11 | 7.8 | CVE-2022-37988 MISC |
microsoft — windows_server_2008 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37987. | 2022-10-11 | 7.8 | CVE-2022-37989 MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | 2022-10-11 | 7.8 | CVE-2022-37990 MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | 2022-10-11 | 7.8 | CVE-2022-37991 MISC |
microsoft — windows_server_2008 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999. | 2022-10-11 | 7.8 | CVE-2022-37993 MISC |
microsoft — windows_server_2008 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999. | 2022-10-11 | 7.8 | CVE-2022-37994 MISC |
microsoft — windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-38051. | 2022-10-11 | 7.8 | CVE-2022-37997 MISC |
microsoft — windows_server_2008 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37994. | 2022-10-11 | 7.8 | CVE-2022-37999 MISC |
microsoft — windows_server_2008 | Windows Print Spooler Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-38028 MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039. | 2022-10-11 | 7.8 | CVE-2022-38037 MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039. | 2022-10-11 | 7.8 | CVE-2022-38038 MISC |
microsoft — windows_server_2008 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-38044 MISC |
microsoft — windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37997. | 2022-10-11 | 7.8 | CVE-2022-38051 MISC |
microsoft — windows_server_2008 | Windows COM+ Event System Service Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-41033 MISC |
microsoft — windows_server_2008 | Windows Secure Channel Denial of Service Vulnerability. | 2022-10-11 | 7.5 | CVE-2022-38041 MISC |
microsoft — windows_server_2008 | Windows Storage Elevation of Privilege Vulnerability. | 2022-10-11 | 7 | CVE-2022-38027 MISC |
microsoft — windows_server_2008 | Windows ALPC Elevation of Privilege Vulnerability. | 2022-10-11 | 7 | CVE-2022-38029 MISC |
microsoft — windows_server_2012 | Server Service Remote Protocol Elevation of Privilege Vulnerability. | 2022-10-11 | 9.1 | CVE-2022-38045 MISC |
microsoft — windows_server_2012 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. | 2022-10-11 | 7 | CVE-2022-38021 MISC |
microsoft — windows_server_2019 | Windows DWM Core Library Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-37970 MISC |
microsoft — windows_server_2019 | Microsoft DWM Core Library Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-37983 MISC |
microsoft — windows_server_2019 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038. | 2022-10-11 | 7.8 | CVE-2022-38039 MISC |
microsoft — windows_server_2019 | Win32k Elevation of Privilege Vulnerability. | 2022-10-11 | 7.8 | CVE-2022-38050 MISC |
microsoft — windows_server_2019 | Web Account Manager Information Disclosure Vulnerability. | 2022-10-11 | 7.5 | CVE-2022-38046 MISC |
microsoft — windows_server_2022 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. | 2022-10-11 | 7.5 | CVE-2022-38036 MISC |
mockery_project — mockery | Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. | 2022-10-12 | 9.8 | CVE-2022-37614 MISC MISC MISC |
newsletter_subscribe_(popup_+_regular_module)_project — newsletter_subscribe_(popup_+_regular_module) | OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. | 2022-10-12 | 9.8 | CVE-2022-41403 MISC |
node_saml_project — node_saml | node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround. | 2022-10-13 | 8.1 | CVE-2022-39300 MISC CONFIRM |
nokia — airframe_bmc_web_gui_r18_firmware | Multiple improper access control issues were discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. Because permissions for access to resources are not verified, a potential attacker can view pages containing sensitive data that they are not allowed to see and modify system configurations, also causing DoS. These resources should be accessible only to a user with an administration profile; all controls are bypassed (without checking for user identity). | 2022-10-12 | 8.8 | CVE-2022-28866 MISC MISC |
ocomon_project — ocomon | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. | 2022-10-13 | 9.8 | CVE-2022-41390 MISC |
ocomon_project — ocomon | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. | 2022-10-13 | 9.8 | CVE-2022-41391 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. | 2022-10-14 | 9.8 | CVE-2022-42064 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-13 | 7.2 | CVE-2022-41533 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-13 | 7.2 | CVE-2022-41534 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | 2022-10-07 | 7.2 | CVE-2022-42073 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | 2022-10-07 | 7.2 | CVE-2022-42074 MISC |
online_leave_management_system_project — online_leave_management_system | An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-07 | 7.2 | CVE-2022-41379 MISC |
online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | 2022-10-12 | 9.8 | CVE-2022-41408 MISC |
online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | 2022-10-07 | 7.2 | CVE-2022-41377 MISC |
online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. | 2022-10-07 | 7.2 | CVE-2022-41378 MISC |
online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | 2022-10-12 | 7.2 | CVE-2022-41407 MISC |
open_source_sacco_management_system_project — open_source_sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. | 2022-10-07 | 7.2 | CVE-2022-41514 MISC |
open_source_sacco_management_system_project — open_source_sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | 2022-10-07 | 7.2 | CVE-2022-41515 MISC |
open_source_sacco_management_system_project — open_source_sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. | 2022-10-12 | 7.2 | CVE-2022-41530 MISC |
open_source_sacco_management_system_project — open_source_sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. | 2022-10-12 | 7.2 | CVE-2022-41532 MISC |
openssl — openssl | OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5). | 2022-10-11 | 7.5 | CVE-2022-3358 CONFIRM CONFIRM |
paloaltonetworks — pan-os | An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | 2022-10-12 | 8.1 | CVE-2022-0030 MISC |
panini — everest_engine | Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. | 2022-10-07 | 7.8 | CVE-2022-39959 MISC MISC |
passport-saml_project — passport-saml | Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround. | 2022-10-12 | 8.1 | CVE-2022-39299 CONFIRM MISC |
powerline_gitstatus_project — powerline_gitstatus | powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker’s control. NOTE: this is similar to CVE-2022-20001. | 2022-10-13 | 7.8 | CVE-2022-42906 MISC MISC |
progress — whatsup_gold | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim’s browser. | 2022-10-12 | 9.6 | CVE-2022-42711 MISC MISC MISC |
puppet — puppetlabs-mysql | Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | 2022-10-07 | 9.8 | CVE-2022-3275 MISC |
puppet — puppetlabs-mysql | Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | 2022-10-07 | 8.8 | CVE-2022-3276 MISC |
redirection-for-contact-form7 — redirection_for_contact_form_7 | Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe. | 2022-10-11 | 7.5 | CVE-2021-36913 CONFIRM CONFIRM |
ree6 — ree6 | Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java's PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. | 2022-10-13 | 9.8 | CVE-2022-39303 MISC CONFIRM |
resiot — iot_platform_and_lorawan_network_server | Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts. | 2022-10-13 | 8.8 | CVE-2022-34020 MISC MISC |
rpcms — rpcms | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. | 2022-10-13 | 8.8 | CVE-2022-41475 MISC |
samsung — dynamic_lockscreen | Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of the JavaScript interface API. | 2022-10-07 | 9.8 | CVE-2022-39862 MISC |
samsung — smartthings | Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | 2022-10-07 | 7.5 | CVE-2022-39864 MISC |
samsung — smartthings | Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | 7.5 | CVE-2022-39865 MISC |
samsung — smartthings | Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | 7.5 | CVE-2022-39866 MISC |
samsung — smartthings | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | 2022-10-07 | 7.5 | CVE-2022-39867 MISC |
samsung — smartthings | Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | 7.5 | CVE-2022-39868 MISC |
samsung — smartthings | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | 2022-10-07 | 7.5 | CVE-2022-39869 MISC |
samsung — smartthings | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | 2022-10-07 | 7.5 | CVE-2022-39870 MISC |
samsung — smartthings | Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | 2022-10-07 | 7.5 | CVE-2022-39871 MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-39803 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-39804 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-39805 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-39806 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-39808 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41167 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41168 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41170 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41172 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41175 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41177 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41179 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41180 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41184 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41185 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and/or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41186 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41187 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 7.8 | CVE-2022-41188 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41189 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41190 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tessellation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41191 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tessellation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 7.8 | CVE-2022-41192 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Encapsulated PostScript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41193 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Encapsulated PostScript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 7.8 | CVE-2022-41194 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41195 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41196 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 7.8 | CVE-2022-41197 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41198 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41199 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41200 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41201 MISC MISC |
sap — 3d_visual_enterprise_viewer | Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 2022-10-11 | 7.8 | CVE-2022-41202 MISC MISC |
sap — business_objects_business_intelligence_platform | Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. | 2022-10-11 | 7.6 | CVE-2022-39013 MISC MISC |
sap — commerce | An attacker can change the content of an SAP Commerce – versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system. | 2022-10-11 | 8.8 | CVE-2022-41204 MISC MISC |
sap — manufacturing_execution | SAP Manufacturing Execution – versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. | 2022-10-11 | 7.5 | CVE-2022-39802 MISC MISC |
sap — sap_iq | SAP SQL Anywhere – version 17.0, and SAP IQ – version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | 2022-10-11 | 9.8 | CVE-2022-35299 MISC MISC |
siemens — 6gk6108-4am00-2ba2_firmware | Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. | 2022-10-11 | 8.8 | CVE-2022-31765 MISC |
siemens — 7kg8500-0aa00-0aa0_firmware | A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. | 2022-10-11 | 8.8 | CVE-2022-41665 MISC |
siemens — 7kg8500-0aa00-0aa0_firmware | A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user’s session after login. | 2022-10-11 | 8.1 | CVE-2022-40226 MISC |
siemens — desigo_pxm30-1_firmware | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “--no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser. | 2022-10-11 | 8.8 | CVE-2022-40182 MISC |
siemens — desigo_pxm30-1_firmware | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded browser does not prevent interaction with alternative URI schemes when redirected to corresponding resources by web application code. By setting the homepage URI, the favorite URIs, or redirecting embedded browser users via JavaScript code to alternative scheme resources, a remote low privileged attacker can perform a range of attacks against the device, such as read arbitrary files on the filesystem, execute arbitrary JavaScript code in order to steal or manipulate the information on the screen, or trigger denial of service conditions. | 2022-10-11 | 8.3 | CVE-2022-40181 MISC |
siemens — desigo_pxm30-1_firmware | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in endpoints of the “Operation” web application that interpret and execute Axon language queries, due to the missing validation of anti-CSRF tokens or other origin checks. By convincing a victim to click on a malicious link or visit a specifically crafted webpage while logged-in to the device web application, a remote unauthenticated attacker can execute arbitrary Axon queries against the device. | 2022-10-11 | 8.1 | CVE-2022-40179 MISC |
siemens — desigo_pxm30-1_firmware | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). There exists an Improper Neutralization of Special Elements used in an OS Command with root privileges during a restore operation due to the missing validation of the names of files included in the input package. By restoring a specifically crafted package, a remote low-privileged attacker can execute arbitrary system commands with root privileges on the device, leading to a full compromise. | 2022-10-11 | 8 | CVE-2022-40176 MISC |
siemens — industrial_edge_management | A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. | 2022-10-11 | 7.4 | CVE-2022-40147 MISC |
siemens — jt_open_toolkit | A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973) | 2022-10-11 | 7.8 | CVE-2022-41851 MISC |
siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. | 2022-10-11 | 9.8 | CVE-2022-36361 MISC |
siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device. | 2022-10-11 | 7.5 | CVE-2022-36360 MISC |
siemens — logo!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device. | 2022-10-11 | 7.5 | CVE-2022-36362 MISC |
siemens — nucleus_net | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server. | 2022-10-11 | 7.5 | CVE-2022-38371 MISC MISC |
siemens — ruggedcom_rm1224_firmware | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 6GHz (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC 6GHz (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 6GHz (All versions >= V1.1.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service and reboot the device thus possibly affecting other network resources. | 2022-10-11 | 8.6 | CVE-2022-31766 MISC |
siemens — simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication. | 2022-10-11 | 7.8 | CVE-2022-38465 MISC |
siemens — simatic_hmi_comfort_panels_firmware | A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. | 2022-10-11 | 7.5 | CVE-2022-40227 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627) | 2022-10-11 | 7.8 | CVE-2022-37864 MISC |
simple_cold_storage_management_system_project — simple_cold_storage_managment_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. | 2022-10-11 | 7.2 | CVE-2022-42230 MISC |
simple_online_public_access_catalog_project — simple_online_public_access_catalog | A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784. | 2022-10-14 | 7.2 | CVE-2022-3495 MISC MISC |
slack_morphism_project — slack_morphism | Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs. | 2022-10-10 | 7.5 | CVE-2022-39292 CONFIRM MISC |
sonicwall — global_management_system | SonicWall GMS is vulnerable to file path manipulation, as a result of which an unauthenticated attacker can gain access to the web directory containing the application’s binaries and configuration files. | 2022-10-13 | 7.5 | CVE-2021-20030 CONFIRM |
tenda — ac1206_firmware | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. | 2022-10-12 | 7.5 | CVE-2022-42079 MISC |
tenda — ac1206_firmware | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. | 2022-10-12 | 7.5 | CVE-2022-42080 MISC |
tenda — ac1206_firmware | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. | 2022-10-12 | 7.5 | CVE-2022-42081 MISC |
traefik — traefik | Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. | 2022-10-11 | 7.5 | CVE-2022-39271 MISC CONFIRM MISC |
trendmicro — apex_one | A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. | 2022-10-10 | 9.1 | CVE-2022-41746 MISC MISC |
trendmicro — apex_one | An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-10-10 | 7.8 | CVE-2022-41747 MISC MISC |
trendmicro — apex_one | An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-10-10 | 7.8 | CVE-2022-41749 MISC MISC |
trendmicro — apex_one | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-10-10 | 7 | CVE-2022-41744 MISC MISC |
trendmicro — apex_one | An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-10-10 | 7 | CVE-2022-41745 MISC MISC |
vmware — vcenter_server | The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. | 2022-10-07 | 9.1 | CVE-2022-31680 MISC MISC |
wayos — lq-09_firmware | WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm. | 2022-10-13 | 8.1 | CVE-2022-41489 MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system | A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367. | 2022-10-09 | 7.5 | CVE-2022-3436 MISC |
webpack.js — loader-utils | Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. | 2022-10-12 | 9.8 | CVE-2022-37601 MISC MISC MISC |
webpack.js — loader-utils | A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. | 2022-10-11 | 7.5 | CVE-2022-37599 MISC MISC MISC |
wedding_planner_project — wedding_planner | Wedding Planner v1.0 is vulnerable to arbitrary code execution. | 2022-10-07 | 9.8 | CVE-2022-42075 MISC MISC |
wedding_planner_project — wedding_planner | Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | 2022-10-11 | 8.8 | CVE-2022-42034 MISC |
wedding_planner_project — wedding_planner | Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. | 2022-10-11 | 8.8 | CVE-2022-42229 MISC |
wijungle — u250_firmware | WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. | 2022-10-12 | 9.8 | CVE-2022-33106 MISC MISC |
woo_billingo_plus_project — woo_billingo_plus | The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivating the plugin’s license. | 2022-10-10 | 7.1 | CVE-2022-3154 MISC |
xmldom_project — xmldom | A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. | 2022-10-11 | 9.8 | CVE-2022-37616 MISC MISC MISC MISC |
zkteco — zkbiosecurity_v5000 | An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. | 2022-10-07 | 8.8 | CVE-2022-36634 MISC MISC MISC |
zkteco — zkbiosecurity_v5000 | ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. | 2022-10-07 | 8.8 | CVE-2022-36635 MISC MISC MISC |
zoneminder — zoneminder | ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised to upgrade as soon as possible. Users unable to upgrade should disable database logging. | 2022-10-07 | 7.5 | CVE-2022-39289 MISC CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adguard — adguardhome | In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. | 2022-10-11 | 4.3 | CVE-2022-32175 MISC MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 5.5 | CVE-2022-35691 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 5.5 | CVE-2022-38437 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 5.5 | CVE-2022-38449 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 5.5 | CVE-2022-42342 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. | 2022-10-14 | 4.9 | CVE-2022-38423 MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | 2022-10-14 | 5.9 | CVE-2022-38419 MISC |
adobe — commerce | Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction. | 2022-10-14 | 5.3 | CVE-2022-35689 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | 5.5 | CVE-2022-38443 MISC |
arubanetworks — instant | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | 6.5 | CVE-2022-37894 MISC |
arubanetworks — instant | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | 6.1 | CVE-2022-37896 MISC |
arubanetworks — instant | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | 5.4 | CVE-2022-37892 MISC |
arubanetworks — instant | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | 4.9 | CVE-2022-37895 MISC |
asset_cleanup\ — _page_speed_booster_project | Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan’s Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. | 2022-10-11 | 4.8 | CVE-2021-36899 CONFIRM CONFIRM |
avaya — aura_communication_manager | Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | 2022-10-12 | 6.7 | CVE-2022-2249 CONFIRM |
bevywise — mqttroute | A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. | 2022-10-13 | 5.4 | CVE-2022-35612 MISC |
bevywise — mqttroute | A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | 2022-10-13 | 4.3 | CVE-2022-35611 MISC |
boodskap — iot_platform | Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | 2022-10-13 | 6.5 | CVE-2022-35136 MISC |
boodskap — iot_platform | Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. | 2022-10-13 | 5.4 | CVE-2022-35134 MISC |
book_store_management_system_project — book_store_management_system | A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436. | 2022-10-11 | 5.4 | CVE-2022-3452 MISC |
book_store_management_system_project — book_store_management_system | A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability. | 2022-10-11 | 5.4 | CVE-2022-3453 MISC |
brainvire — disable_user_login | The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. | 2022-10-10 | 5.3 | CVE-2022-2350 MISC |
cert — vince | An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the “Product Affected” field. | 2022-10-10 | 5.4 | CVE-2022-40248 MISC |
cert — vince | An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field. | 2022-10-10 | 5.4 | CVE-2022-40257 MISC |
cisco — ios_xe | A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the boot process of the affected device. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device. Note: In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software running on a device to a release where root shell access is more readily available. | 2022-10-10 | 6.8 | CVE-2022-20944 CISCO |
cisco — ios_xe_rom_monitor | A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password. | 2022-10-10 | 4.6 | CVE-2022-20864 CISCO |
cisco — sd-wan_vmanage | A vulnerability in the authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | 2022-10-10 | 5.3 | CVE-2022-20830 CISCO |
cozmoslabs — profile_builder | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. | 2022-10-11 | 4.3 | CVE-2021-36915 CONFIRM CONFIRM |
crealogix — ebics_server | A vulnerability was found in Crealogix EBICS 7.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ebics-server/ebics.aspx. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-210374 is the identifier assigned to this vulnerability. | 2022-10-10 | 6.1 | CVE-2022-3442 N/A N/A |
d-bus_project — d-bus | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. | 2022-10-10 | 6.5 | CVE-2022-42010 CONFIRM MISC FEDORA |
d-bus_project — d-bus | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | 2022-10-10 | 6.5 | CVE-2022-42011 CONFIRM MISC FEDORA |
d-bus_project — d-bus | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | 2022-10-10 | 6.5 | CVE-2022-42012 CONFIRM MISC FEDORA |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2022-10-12 | 4.4 | CVE-2022-32483 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2022-10-12 | 4.4 | CVE-2022-32484 MISC |
dell — cloud_mobility_for_dell_emc_storage | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | 2022-10-11 | 6.7 | CVE-2022-34434 MISC |
dell — geodrive | Dell GeoDrive, Versions 2.1 – 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | 2022-10-12 | 5.5 | CVE-2022-33918 MISC |
dell — hybrid_client | Dell Hybrid Client below version 1.8 contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to the DHC system not being accessible. | 2022-10-11 | 6.5 | CVE-2022-34431 MISC |
dell — wyse_thinos | Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. | 2022-10-10 | 4.9 | CVE-2022-34402 MISC |
eng — knowage | Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds. | 2022-10-13 | 6.1 | CVE-2022-39295 CONFIRM MISC |
fatfreecrm — fatfreecrm | fat_free_crm is an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue. | 2022-10-08 | 6.5 | CVE-2022-39281 MISC MISC CONFIRM |
flatpress — flatpress | Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | 2022-10-11 | 5.4 | CVE-2022-40047 MISC MISC |
fontmeister_project — fontmeister | Reflected Cross-Site Scripting (XSS) vulnerability in FontMeister plugin <= 1.08 at WordPress. | 2022-10-11 | 6.1 | CVE-2022-33978 CONFIRM CONFIRM |
fortinet — fortimanager | An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. | 2022-10-10 | 5.3 | CVE-2022-26121 CONFIRM |
getshortcodes — shortcodes_ultimate | Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. | 2022-10-11 | 4.3 | CVE-2022-38086 CONFIRM CONFIRM |
gin-vue-admin_project — gin-vue-admin | In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the ‘Normal Upload’ functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. | 2022-10-14 | 5.4 | CVE-2022-32177 CONFIRM MISC |
gnu — osip | GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. | 2022-10-11 | 6.5 | CVE-2022-41550 MISC |
google — android | In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-238177383; References: Upstream kernel | 2022-10-11 | 6.7 | CVE-2022-20409 MISC |
google — android | In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-230794395 | 2022-10-11 | 6.7 | CVE-2022-20412 MISC |
google — android | In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. | 2022-10-07 | 6.7 | CVE-2022-26452 MISC |
google — android | In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. | 2022-10-07 | 6.7 | CVE-2022-26473 MISC |
google — android | In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. | 2022-10-07 | 6.7 | CVE-2022-26474 MISC |
google — android | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. | 2022-10-07 | 6.7 | CVE-2022-26475 MISC |
google — android | In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. | 2022-10-07 | 6.7 | CVE-2022-32590 MISC |
google — android | In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405. | 2022-10-07 | 6.7 | CVE-2022-32592 MISC |
google — android | In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. | 2022-10-07 | 6.7 | CVE-2022-32593 MISC |
google — android | In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-224771921 | 2022-10-11 | 5.5 | CVE-2022-20351 MISC |
google — android | In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-235850634 | 2022-10-11 | 5.5 | CVE-2022-20413 MISC |
google — android | In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-235823407 | 2022-10-11 | 5.5 | CVE-2022-20425 MISC |
google — android | In Messaging, there is an unauthorized broadcast, which could cause a local denial of service. Product: Android; Versions: Android SoC; Android ID: A-242258929 | 2022-10-11 | 5.5 | CVE-2022-20437 MISC |
google — android | In Messaging, there is an unauthorized broadcast, which could cause a local denial of service. Product: Android; Versions: Android SoC; Android ID: A-242259920 | 2022-10-11 | 5.5 | CVE-2022-20438 MISC |
google — android | In Messaging, there is an unauthorized provider, which could cause a local denial of service. Product: Android; Versions: Android SoC; Android ID: A-242266172 | 2022-10-11 | 5.5 | CVE-2022-20439 MISC |
google — android | In Messaging, there is an unauthorized broadcast, which could cause a local denial of service. Product: Android; Versions: Android SoC; Android ID: A-242259918 | 2022-10-11 | 5.5 | CVE-2022-20440 MISC |
google — android | In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-236042696; References: N/A | 2022-10-14 | 5.5 | CVE-2022-20464 MISC |
google — android | Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. | 2022-10-07 | 5.3 | CVE-2022-39847 MISC |
google — android | In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-204906124 | 2022-10-11 | 5 | CVE-2022-20394 MISC |
google — android | In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-239842288; References: Upstream kernel | 2022-10-11 | 4.6 | CVE-2022-20423 MISC |
google — android | Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | 2022-10-07 | 4.3 | CVE-2022-39855 MISC |
hashicorp — nomad | In HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5, jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0. | 2022-10-12 | 6.5 | CVE-2022-41606 MISC MISC |
hashicorp — vault | HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role’s CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. | 2022-10-12 | 5.3 | CVE-2022-41316 MISC MISC |
haskell — aeson | The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. | 2022-10-10 | 6.5 | CVE-2022-3433 MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability. | 2022-10-13 | 6.5 | CVE-2022-3470 MISC MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability. | 2022-10-13 | 6.5 | CVE-2022-3473 MISC MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability. | 2022-10-13 | 5.4 | CVE-2022-3493 MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability. | 2022-10-14 | 5.4 | CVE-2022-3497 MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831. | 2022-10-14 | 5.4 | CVE-2022-3502 MISC MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715. | 2022-10-13 | 4.9 | CVE-2022-3471 MISC MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716. | 2022-10-13 | 4.9 | CVE-2022-3472 MISC MISC |
ibm — navigator_mobile | IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. | 2022-10-11 | 5.5 | CVE-2022-38388 CONFIRM XF |
ibm — sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704. | 2022-10-10 | 6.5 | CVE-2022-34334 CONFIRM XF |
ikus-soft — rdiffweb | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | 2022-10-10 | 6.1 | CVE-2022-3438 CONFIRM MISC |
isc — dhcp | In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | 2022-10-07 | 6.5 | CVE-2022-2929 CONFIRM MLIST FEDORA |
jgraph — mxgraph | mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. | 2022-10-12 | 6.1 | CVE-2022-40440 MISC MISC MISC |
johnsoncontrols — c-cure_9000_firmware | Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | 2022-10-11 | 5.3 | CVE-2021-36201 CERT CONFIRM |
johnsoncontrols — metasys_extended_application_and_data_server | On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. | 2022-10-07 | 6.5 | CVE-2022-21936 CERT CONFIRM |
libreoffice — libreoffice | LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice, links using that scheme could be constructed to call internal macros with arbitrary arguments, which, when clicked on or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6. | 2022-10-11 | 6.3 | CVE-2022-3140 MISC DEBIAN |
liferay — liferay_portal | An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | 2022-10-07 | 5.3 | CVE-2022-41414 MISC |
linux — linux_kernel | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. | 2022-10-09 | 5.5 | CVE-2022-42703 MISC MISC MISC MISC |
linux — linux_kernel | A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. | 2022-10-08 | 4.3 | CVE-2022-3435 N/A N/A FEDORA FEDORA |
merchandise_online_store_project — merchandise_online_store | A Stored XSS issue in Merchandise Online Store v.1.0 allows the injection of arbitrary JavaScript in the edit account form. | 2022-10-11 | 5.4 | CVE-2022-42236 MISC |
metaslider — slider\,_gallery\,_and_carousel | The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-10 | 4.8 | CVE-2022-2823 MISC |
metroui — metro_ui | Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. | 2022-10-11 | 6.1 | CVE-2022-41376 MISC |
microsoft — azure_service_fabric | Service Fabric Explorer Spoofing Vulnerability. | 2022-10-11 | 4.8 | CVE-2022-35829 MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability. | 2022-10-11 | 5.3 | CVE-2022-41035 MISC |
microsoft — office | Microsoft Office Spoofing Vulnerability. | 2022-10-11 | 6.5 | CVE-2022-38001 MISC |
microsoft — office | Microsoft Office Information Disclosure Vulnerability. | 2022-10-11 | 5.3 | CVE-2022-41043 MISC |
microsoft — storsimple_8010_firmware | StorSimple 8000 Series Elevation of Privilege Vulnerability. | 2022-10-11 | 6.8 | CVE-2022-38017 MISC |
microsoft — windows_10 | Windows NTLM Spoofing Vulnerability. | 2022-10-11 | 6.5 | CVE-2022-35770 MISC |
microsoft — windows_10 | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability. | 2022-10-11 | 6.5 | CVE-2022-37974 MISC |
microsoft — windows_10 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability. | 2022-10-11 | 6.5 | CVE-2022-37977 MISC |
microsoft — windows_10 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. | 2022-10-11 | 5.9 | CVE-2022-37965 MISC |
microsoft — windows_10 | Windows Graphics Component Information Disclosure Vulnerability. | 2022-10-11 | 5.5 | CVE-2022-37985 MISC |
microsoft — windows_10 | Windows Event Logging Service Denial of Service Vulnerability. | 2022-10-11 | 4.3 | CVE-2022-37981 MISC |
microsoft — windows_server_2008 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. | 2022-10-11 | 6.8 | CVE-2022-38032 MISC |
microsoft — windows_server_2008 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. | 2022-10-11 | 6.5 | CVE-2022-38033 MISC |
microsoft — windows_server_2008 | Windows DHCP Client Information Disclosure Vulnerability. | 2022-10-11 | 5.5 | CVE-2022-38026 MISC |
microsoft — windows_server_2008 | Windows Security Support Provider Interface Information Disclosure Vulnerability. | 2022-10-11 | 5.3 | CVE-2022-38043 MISC |
microsoft — windows_server_2012 | Windows Kernel Memory Information Disclosure Vulnerability. | 2022-10-11 | 5.5 | CVE-2022-37996 MISC |
microsoft — windows_server_2019 | Windows USB Serial Driver Information Disclosure Vulnerability. | 2022-10-11 | 4.3 | CVE-2022-38030 MISC |
microsoft — windows_server_2022 | Windows Distributed File System (DFS) Information Disclosure Vulnerability. | 2022-10-11 | 5.5 | CVE-2022-38025 MISC |
misp-project — malware_information_sharing_platform | app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). | 2022-10-10 | 4.3 | CVE-2022-42724 MISC |
octopus — octopus_server | In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability. | 2022-10-13 | 6.5 | CVE-2022-2828 MISC |
octopus — octopus_server | In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. | 2022-10-12 | 5.3 | CVE-2022-2720 MISC |
online_birth_certificate_management_system_project — online_birth_certificate_management_system | Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. | 2022-10-14 | 5.4 | CVE-2022-42069 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567. | 2022-10-14 | 6.5 | CVE-2022-35040 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. | 2022-10-14 | 6.5 | CVE-2022-35041 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. | 2022-10-14 | 6.5 | CVE-2022-35042 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6. | 2022-10-14 | 6.5 | CVE-2022-35043 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087. | 2022-10-14 | 6.5 | CVE-2022-35044 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63. | 2022-10-14 | 6.5 | CVE-2022-35045 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466. | 2022-10-14 | 6.5 | CVE-2022-35046 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa. | 2022-10-14 | 6.5 | CVE-2022-35047 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c. | 2022-10-14 | 6.5 | CVE-2022-35048 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. | 2022-10-14 | 6.5 | CVE-2022-35049 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. | 2022-10-14 | 6.5 | CVE-2022-35050 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af. | 2022-10-14 | 6.5 | CVE-2022-35051 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1. | 2022-10-14 | 6.5 | CVE-2022-35052 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f. | 2022-10-14 | 6.5 | CVE-2022-35053 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. | 2022-10-14 | 6.5 | CVE-2022-35054 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473. | 2022-10-14 | 6.5 | CVE-2022-35055 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. | 2022-10-14 | 6.5 | CVE-2022-35056 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. | 2022-10-14 | 6.5 | CVE-2022-35058 MISC MISC |
otfcc_project — otfcc | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. | 2022-10-14 | 6.5 | CVE-2022-35059 MISC MISC |
pencidesign — soledad | The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],…} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | 2022-10-10 | 6.1 | CVE-2022-3209 MISC |
picuploader_project — picuploader | PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. | 2022-10-07 | 6.1 | CVE-2022-41442 MISC MISC |
premium-themes — cryptocurrency_pricing_list_and_ticker | The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embedded, leading to a Reflected Cross-Site Scripting issue. | 2022-10-10 | 6.1 | CVE-2021-25044 MISC |
projectworlds — online_examination_system | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | 2022-10-14 | 6.1 | CVE-2022-42066 MISC MISC |
puppycms — puppycms | A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699. | 2022-10-12 | 6.1 | CVE-2022-3464 N/A |
purchase_order_management_system_project — purchase_order_management_system | A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832. | 2022-10-14 | 5.4 | CVE-2022-3503 MISC MISC |
resiot — iot_platform_and_lorawan_network_server | Multiple Cross Site Scripting (XSS) vulnerabilities exist in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. | 2022-10-13 | 5.4 | CVE-2022-34021 MISC |
resmush.it — resmush.it_image_optimizer | The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-10-10 | 4.8 | CVE-2022-2448 MISC |
rpcms — rpcms | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | 2022-10-13 | 6.5 | CVE-2022-41474 MISC |
rpcms — rpcms | RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. | 2022-10-13 | 6.1 | CVE-2022-41473 MISC |
samsung — account | Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout. | 2022-10-07 | 5.5 | CVE-2022-39874 MISC |
samsung — account | Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. | 2022-10-07 | 4.7 | CVE-2022-39863 MISC |
samsung — account | Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout. | 2022-10-07 | 4.4 | CVE-2022-39875 MISC |
samsung — checkout | Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. | 2022-10-07 | 5.5 | CVE-2022-39878 MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-39807 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41166 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41169 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41171 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41173 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41174 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41176 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41178 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41181 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41182 MISC MISC |
sap — 3d_visual_enterprise_author | Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. | 2022-10-11 | 5.5 | CVE-2022-41183 MISC MISC |
sap — business_objects_business_intelligence_platform | Under certain conditions, BOE AdminTools/BOE SDK allows an attacker to access information which would otherwise be restricted. | 2022-10-11 | 6.5 | CVE-2022-39015 MISC MISC |
sap — businessobjects_business_intelligence | SAP BusinessObjects BI LaunchPad – versions 420, 430, is susceptible to a script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. | 2022-10-11 | 6.1 | CVE-2022-39800 MISC MISC |
sap — businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) – versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application. | 2022-10-11 | 5.4 | CVE-2022-41206 MISC MISC |
sap — businessobjects_business_intelligence | Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | 2022-10-11 | 4.9 | CVE-2022-35296 MISC MISC |
sap — customer_data_cloud | SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses an encryption method that lacks proper diffusion and does not hide patterns well. This can lead to information disclosure. In certain scenarios, the application might also be susceptible to replay attacks. | 2022-10-11 | 5.2 | CVE-2022-41209 MISC MISC |
sap — customer_data_cloud | SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses an insecure random number generator program, which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. | 2022-10-11 | 5.2 | CVE-2022-41210 MISC MISC |
sap — data_services | SAP Data Services Management allows an attacker to copy the data from a request and have it echoed into the application’s immediate response, which leads to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such an attack; only a few of the pages in the DS management console are vulnerable. | 2022-10-11 | 6.1 | CVE-2022-35226 MISC MISC |
sap — enable_now | The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | 2022-10-11 | 5.4 | CVE-2022-35297 MISC MISC |
shortpixel — enable_media_replace | The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside of it, to the web root directory for example, via a path traversal attack. | 2022-10-10 | 4.9 | CVE-2022-2554 MISC |
siemens — desigo_pxm30-1_firmware | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the “Operation” web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device. | 2022-10-11 | 5.7 | CVE-2022-40177 MISC |
siemens — desigo_pxm30-1_firmware | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files” functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code. | 2022-10-11 | 5.4 | CVE-2022-40178 MISC |
siemens — desigo_pxm30-1_firmware | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the “Import Files” functionality of the “Operation” web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged in to the device web application. | 2022-10-11 | 5.3 | CVE-2022-40180 MISC |
siemens — logo\!_8_bm_firmware | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory. | 2022-10-11 | 5.3 | CVE-2022-36363 MISC |
siemens — scalance_x200-4p_irt_firmware | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices that, if used by a threat actor, could result in session hijacking. | 2022-10-11 | 6.1 | CVE-2022-40631 MISC |
simplefilelist — simple-file-list | The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged-in admin create a new page and change its content via a CSRF attack. | 2022-10-10 | 6.5 | CVE-2022-3208 MISC |
simplefilelist — simple-file-list | The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-10 | 4.8 | CVE-2022-3207 MISC |
solarwinds — network_configuration_manager | An entity in the Network Configuration Manager product is misconfigured and exposes the password field to the SolarWinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. | 2022-10-10 | 6.5 | CVE-2021-35226 MISC |
student_clearance_system_project — student_clearance_system | A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | 2022-10-11 | 5.4 | CVE-2022-42235 MISC |
swftools — swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. | 2022-10-13 | 5.5 | CVE-2022-35080 MISC MISC |
swftools — swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. | 2022-10-13 | 5.5 | CVE-2022-35081 MISC MISC |
taskbuilder — taskbuilder | The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file. | 2022-10-10 | 5.4 | CVE-2022-3137 MISC |
tenda — ac1206_firmware | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 2022-10-12 | 6.5 | CVE-2022-42077 MISC |
tenda — ac1206_firmware | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 2022-10-12 | 6.5 | CVE-2022-42078 MISC |
tenda — ax1803_firmware | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | 2022-10-12 | 6.5 | CVE-2022-42086 MISC |
tenda — ax1803_firmware | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 2022-10-12 | 6.5 | CVE-2022-42087 MISC |
tiny-csrf_project — tiny-csrf | tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch will be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-07 | 6.5 | CVE-2022-39287 CONFIRM MISC |
totaljs — total.js | A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. | 2022-10-07 | 5.4 | CVE-2022-41392 MISC MISC MISC |
trendmicro — apex_one | A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product’s anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability. | 2022-10-10 | 6.7 | CVE-2022-41748 MISC |
vanderbilt — redcap | A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. | 2022-10-12 | 6.1 | CVE-2022-42715 MISC MISC MISC |
vmware — esxi | VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only may create a denial of service condition on the host. | 2022-10-07 | 6.5 | CVE-2022-31681 MISC |
vmware — vrealize_operations | VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. | 2022-10-11 | 4.9 | CVE-2022-31682 MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system | A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356. | 2022-10-08 | 5.4 | CVE-2022-3434 N/A N/A |
webgilde — advanced_comment_form | The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-10-10 | 4.8 | CVE-2022-3220 MISC |
wpchill — download_monitor | The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. | 2022-10-10 | 4.9 | CVE-2022-2981 MISC |
wpdarko — top_bar | The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-10 | 4.8 | CVE-2022-2629 MISC |
wpsocialrocket — social_rocket | The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-10 | 4.8 | CVE-2022-3136 MISC |
wpwhitesecurity — wp_2fa | The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don’t mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. | 2022-10-10 | 5.9 | CVE-2022-2891 MISC |
xen — xapi | XAPI open file limit DoS: It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors. | 2022-10-11 | 5.3 | CVE-2022-33749 MISC CONFIRM MLIST |
xen — xen | P2M pool freeing may take excessively long: The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. | 2022-10-11 | 6.5 | CVE-2022-33746 MISC CONFIRM MLIST |
xen — xen | Lock order inversion in transitive grant copy handling: As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. | 2022-10-11 | 5.6 | CVE-2022-33748 MISC CONFIRM MLIST |
zimbra — collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. | 2022-10-12 | 6.1 | CVE-2022-41348 MISC MISC |
zimbra — collaboration | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine. | 2022-10-12 | 6.1 | CVE-2022-41349 MISC MISC |
zimbra — collaboration | In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine. | 2022-10-12 | 6.1 | CVE-2022-41350 MISC MISC |
zimbra — collaboration | In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). | 2022-10-12 | 6.1 | CVE-2022-41351 MISC MISC |
zoneminder — zoneminder | ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2022-10-07 | 6.5 | CVE-2022-39290 CONFIRM MISC |
zoneminder — zoneminder | ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current “tr” “td” brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the “view=log” page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. | 2022-10-07 | 5.4 | CVE-2022-39285 MISC MISC CONFIRM |
zoneminder — zoneminder | ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with “View” system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the “/zm/index.php” endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-07 | 5.4 | CVE-2022-39291 MISC MISC MISC CONFIRM MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google — android | Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | 2022-10-07 | 3.3 | CVE-2022-36868 MISC |
google — android | Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows a local attacker to bind a service that requires the BIND_REMOTEVIEWS permission. | 2022-10-07 | 3.3 | CVE-2022-39851 MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41592 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41593 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41594 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41595 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41597 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41598 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41600 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41601 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41602 MISC MISC |
huawei — harmonyos | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | 2022-10-14 | 3.4 | CVE-2022-41603 MISC MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | 2022-10-11 | 3.3 | CVE-2022-38022 MISC |
samsung — factorycamera | Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | 2022-10-07 | 3.3 | CVE-2022-39861 MISC |
samsung — quick_share | Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | 3.5 | CVE-2022-39860 MISC |
samsung — reminder | Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows an attacker to access the device IMEI. | 2022-10-07 | 3.3 | CVE-2022-39876 MISC |
samsung — sharelive | Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | 2022-10-07 | 3.3 | CVE-2022-39872 MISC |
xen — xen | Arm: unbounded memory consumption for 2nd-level page tables. Certain actions require e.g. removing pages from a guest’s P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings. | 2022-10-11 | 3.8 | CVE-2022-33747 MISC CONFIRM MLIST |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base — 389-ds-base | A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | 2022-10-14 | not yet calculated | CVE-2022-2850 MISC MISC |
adobe — coldfusion | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction; the vulnerability is triggered when a crafted network packet is sent to the server. | 2022-10-14 | not yet calculated | CVE-2022-35690 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | not yet calculated | CVE-2022-38444 MISC |
adobe — dimension | Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-10-14 | not yet calculated | CVE-2022-38445 MISC |
apache — apache_commons_text | Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: “script” (execute expressions using the JVM script execution engine, javax.script); “dns” (resolve DNS records); “url” (load values from URLs, including from remote servers). Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. | 2022-10-13 | not yet calculated | CVE-2022-42889 CONFIRM MLIST |
apache — kylin | Kylin’s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier. | 2022-10-13 | not yet calculated | CVE-2022-24697 CONFIRM |
atlassian — jira | The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. | 2022-10-14 | not yet calculated | CVE-2022-36802 MISC |
atlassian — jira | The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user’s role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. | 2022-10-14 | not yet calculated | CVE-2022-36803 MISC |
autodesk — design_review | A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-14 | not yet calculated | CVE-2022-41306 MISC |
autodesk — fbx_sdk | An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-14 | not yet calculated | CVE-2022-41302 MISC |
autodesk — fbx_sdk | A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. | 2022-10-14 | not yet calculated | CVE-2022-41303 MISC |
autodesk — fbx_sdk | An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. | 2022-10-14 | not yet calculated | CVE-2022-41304 MISC |
autodesk — subassembly_composer | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-14 | not yet calculated | CVE-2022-41305 MISC |
autodesk — subassembly_composer | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-14 | not yet calculated | CVE-2022-41307 MISC |
autodesk — subassembly_composer | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-14 | not yet calculated | CVE-2022-41308 MISC |
d-link_covr — d-link_covr | D-Link COVR 1200, 1202, 1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. | 2022-10-13 | not yet calculated | CVE-2022-42159 MISC MISC |
d-link_covr — d-link_covr | D-Link COVR 1200, 1202, 1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | 2022-10-13 | not yet calculated | CVE-2022-42161 MISC MISC |
d-link_covr — d-link_covr | D-Link COVR 1200, 1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | 2022-10-13 | not yet calculated | CVE-2022-42156 MISC MISC |
d-link_covr — d-link_covr | D-Link COVR 1200, 1202, 1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | 2022-10-13 | not yet calculated | CVE-2022-42160 MISC MISC |
gitee — openharmony | OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. | 2022-10-14 | not yet calculated | CVE-2022-42464 MISC |
gitee — openharmony | OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | 2022-10-14 | not yet calculated | CVE-2022-42488 MISC |
gitee — openharmony | OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading to sensitive information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption. | 2022-10-14 | not yet calculated | CVE-2022-41686 MISC |
gitee — openharmony | OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. | 2022-10-14 | not yet calculated | CVE-2022-42463 MISC |
go — parseacceptlanguage | An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | 2022-10-14 | not yet calculated | CVE-2022-32149 MISC MISC MISC MISC |
go — reader.read | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | 2022-10-14 | not yet calculated | CVE-2022-2879 MISC MISC MISC MISC |
go — reverseproxy | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request’s Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | 2022-10-14 | not yet calculated | CVE-2022-2880 MISC MISC MISC MISC |
gocd — gocd | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. As another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the “Access Token Management” admin function. | 2022-10-14 | not yet calculated | CVE-2022-39308 MISC MISC MISC CONFIRM |
gocd — gocd | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary Java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | 2022-10-14 | not yet calculated | CVE-2022-39311 CONFIRM MISC MISC |
gocd — gocd | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | 2022-10-14 | not yet calculated | CVE-2022-39309 MISC MISC CONFIRM MISC |
gocd — gocd | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | 2022-10-14 | not yet calculated | CVE-2022-39310 MISC MISC CONFIRM |
grafana — grafana | Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user’s Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds. | 2022-10-13 | not yet calculated | CVE-2022-39201 CONFIRM MISC MISC MISC |
grafana — grafana | Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user’s login attempt by registering someone else’s email address as a username. A Grafana user’s username and email address are unique fields, which means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an unusual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`’s password won’t match with `user_2`’s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue. | 2022-10-13 | not yet calculated | CVE-2022-39229 MISC MISC CONFIRM |
huawei — harmonyos | The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. | 2022-10-14 | not yet calculated | CVE-2022-38977 MISC |
huawei — harmonyos | The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. | 2022-10-14 | not yet calculated | CVE-2022-38980 MISC |
huawei — harmonyos | The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage. | 2022-10-14 | not yet calculated | CVE-2022-38981 MISC |
huawei — harmonyos | The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. | 2022-10-14 | not yet calculated | CVE-2022-38982 MISC |
huawei — harmonyos | The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution. | 2022-10-14 | not yet calculated | CVE-2022-38983 MISC MISC |
huawei — harmonyos | The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | 2022-10-14 | not yet calculated | CVE-2022-38984 MISC MISC |
huawei — harmonyos | The facial recognition module has a vulnerability in input validation. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-10-14 | not yet calculated | CVE-2022-38985 MISC MISC |
huawei — harmonyos | The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. | 2022-10-14 | not yet calculated | CVE-2022-38986 MISC MISC |
huawei — harmonyos | The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. | 2022-10-14 | not yet calculated | CVE-2022-39011 MISC MISC |
huawei — harmonyos | The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 2022-10-14 | not yet calculated | CVE-2021-46839 MISC MISC |
huawei — harmonyos | The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 2022-10-14 | not yet calculated | CVE-2021-46840 MISC MISC |
huawei — harmonyos | The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | 2022-10-14 | not yet calculated | CVE-2022-38998 MISC MISC |
huawei — emui/magic_ui | The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. | 2022-10-14 | not yet calculated | CVE-2022-41578 MISC MISC |
huawei — emui/magic_ui | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 2022-10-14 | not yet calculated | CVE-2022-41580 MISC MISC |
huawei — emui/magic_ui | The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module. | 2022-10-14 | not yet calculated | CVE-2022-41583 MISC MISC |
huawei — emui/magic_ui | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. | 2022-10-14 | not yet calculated | CVE-2022-41584 MISC MISC |
huawei — emui/magic_ui | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. | 2022-10-14 | not yet calculated | CVE-2022-41585 MISC MISC |
huawei — emui/magic_ui | The communication framework module has a vulnerability of not truncating data properly. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-10-14 | not yet calculated | CVE-2022-41586 MISC MISC |
huawei — emui/magic_ui | Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. | 2022-10-14 | not yet calculated | CVE-2022-41587 MISC |
huawei — emui/magic_ui | The home screen module has a vulnerability in service logic processing. Successful exploitation of this vulnerability may affect data integrity. | 2022-10-14 | not yet calculated | CVE-2022-41588 MISC MISC |
huawei — emui/magic_ui | The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful exploitation of this vulnerability affects system services and device availability. | 2022-10-14 | not yet calculated | CVE-2022-41589 MISC MISC |
huawei — emui/magic_ui | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 2022-10-14 | not yet calculated | CVE-2022-41581 MISC MISC |
huawei — emui/magic_ui | The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 2022-10-14 | not yet calculated | CVE-2022-41582 MISC MISC |
ikea — tradfri_smart_lights | An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 7.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 2022-10-14 | not yet calculated | CVE-2022-39064 MISC |
ikea — tradfri_smart_lights | A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2022-10-14 | not yet calculated | CVE-2022-39065 MISC |
istio — istiod | Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error that allows a malicious attacker to crash the control plane by sending a specially crafted or oversized message when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go. | 2022-10-13 | not yet calculated | CVE-2022-39278 MISC CONFIRM MISC MISC |
jasper — jasper | A vulnerability was found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | 2022-10-14 | not yet calculated | CVE-2022-2963 MISC MISC MISC |
liferay — digital_experience_platform | A Cross-site scripting (XSS) vulnerability in the Blog module – add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. | 2022-10-13 | not yet calculated | CVE-2022-38902 MISC MISC MISC |
linux — linux_kernel | Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. | 2022-10-14 | not yet calculated | CVE-2022-42720 MISC MISC MISC FEDORA FEDORA |
linux — linux_kernel | A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. | 2022-10-14 | not yet calculated | CVE-2022-42721 MISC MISC MISC FEDORA FEDORA |
linux — linux_kernel | An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. | 2022-10-14 | not yet calculated | CVE-2022-41674 MISC MISC MISC MISC MISC FEDORA FEDORA |
linux — linux_kernel | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. | 2022-10-13 | not yet calculated | CVE-2022-42719 MISC MISC MISC MISC FEDORA FEDORA |
linux — linux_kernel | In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. | 2022-10-14 | not yet calculated | CVE-2022-42722 MISC MISC MISC FEDORA FEDORA |
microsoft — azure | Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack that is fully integrated with Azure RTOS ThreadX. In [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), the data length from the device response is returned in the very first packet and read by the [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165) as header_length. Then, in the [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), an “if” branch checks the expression “(header_length – UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length”. If header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, this calculation could overflow, and the calculation of data_length in the [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) then overflows as well. As a result, the later [while loop starting at L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to an unexpected address and cause a write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: add checks of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 2. It should be greater than or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`). | 2022-10-13 | not yet calculated | CVE-2022-39293 MISC CONFIRM |
mikrotik — routeros | The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later. | 2022-10-15 | not yet calculated | CVE-2017-20149 MISC MISC |
multiple_vendors — multiple_products | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | 2022-10-14 | not yet calculated | CVE-2022-41715 MISC MISC MISC MISC |
nss — nss | A vulnerability was found in nss. NSS client authentication crashes when there is no user certificate in the database, which can lead to a segmentation fault or crash. | 2022-10-14 | not yet calculated | CVE-2022-3479 MISC MISC |
october — october | October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the “Editor” section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66. | 2022-10-13 | not yet calculated | CVE-2022-35944 CONFIRM |
octopus_deploy — server | In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. | 2022-10-14 | not yet calculated | CVE-2022-2780 MISC |
oxhoo_tp50 — oxhoo_tp50 | An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. | 2022-10-14 | not yet calculated | CVE-2022-41436 MISC |
perfact — openvpn-client | An attacker can leverage PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine, forcing the back-end server to initialize a new OpenVPN instance with an arbitrary OpenVPN configuration. This could result in the attacker achieving execution with the privileges of a SYSTEM user. | 2022-10-14 | not yet calculated | CVE-2021-27406 CONFIRM |
ree6 — ree6 | Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as “Better-Audit-Logging” which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. | 2022-10-14 | not yet calculated | CVE-2022-39302 CONFIRM MISC |
resistiot — iot_platform_+_lowrawan_network_server | SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. | 2022-10-13 | not yet calculated | CVE-2022-34022 MISC |
simple_cold_storage_management_system — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. | 2022-10-14 | not yet calculated | CVE-2022-42232 MISC |
sourcecodester — online_birth_certificate_management_system | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability. | 2022-10-14 | not yet calculated | CVE-2022-42067 MISC MISC |
sourcecodester — online_birth_certificate_management_system | Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | 2022-10-14 | not yet calculated | CVE-2022-42070 MISC MISC |
sourcecodester — online_birth_certificate_management_system | Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. | 2022-10-14 | not yet calculated | CVE-2022-42071 MISC MISC |
sourcecodester — online_tours_&_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. | 2022-10-14 | not yet calculated | CVE-2022-41416 MISC |
sourcecodester — sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | 2022-10-14 | not yet calculated | CVE-2022-41535 MISC |
sourcecodester — sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. | 2022-10-14 | not yet calculated | CVE-2022-41536 MISC |
sourcecodester — sanitization_management_system | A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015. | 2022-10-15 | not yet calculated | CVE-2022-3519 MISC |
sourcecodester — sanitization_management_system | A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability. | 2022-10-15 | not yet calculated | CVE-2022-3518 MISC |
sourcecodester — sanitization_management_system | A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. | 2022-10-14 | not yet calculated | CVE-2022-3504 N/A N/A |
sourcecodester — sanitization_management_system | A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840. | 2022-10-14 | not yet calculated | CVE-2022-3505 N/A N/A |
sourcecodester — wedding_planner | Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-14 | not yet calculated | CVE-2022-41538 MISC |
sourcecodester — wedding_planner | Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-14 | not yet calculated | CVE-2022-41539 MISC |
tenda — ac1200 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2022-10-13 | not yet calculated | CVE-2022-41480 MISC MISC |
tenda — ac1200 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2022-10-13 | not yet calculated | CVE-2022-41481 MISC MISC |
tenda — ac1200 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2022-10-13 | not yet calculated | CVE-2022-41483 MISC MISC |
tenda — ac1200 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2022-10-13 | not yet calculated | CVE-2022-41485 MISC MISC |
tenda — ac1200 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2022-10-13 | not yet calculated | CVE-2022-41482 MISC MISC |
tenda — ac1900 | Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2022-10-13 | not yet calculated | CVE-2022-41484 MISC MISC |
triangle_microworks — multiple_products | The Triangle Microworks IEC 61850 Library (any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access of a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition. | 2022-10-11 | not yet calculated | CVE-2022-38138 MISC |
ucms — ucms | There is a file inclusion vulnerability in the template management module in UCMS 1.6. | 2022-10-14 | not yet calculated | CVE-2022-42234 MISC |
unisoc — multiple_products | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-38671 MISC |
unisoc — multiple_products | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-38690 MISC |
unisoc — multiple_products | In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38677 MISC |
unisoc — multiple_products | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-38673 MISC |
unisoc — multiple_products | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-38672 MISC |
unisoc — multiple_products | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-38676 MISC |
unisoc — multiple_products | In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-2984 MISC |
unisoc — multiple_products | In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38687 MISC |
unisoc — multiple_products | In messaging service, there is a missing permission check. This could lead to access to an unexpected provider in contacts service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38697 MISC |
unisoc — multiple_products | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38698 MISC |
unisoc — multiple_products | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39080 MISC |
unisoc — multiple_products | In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39103 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39105 MISC |
unisoc — multiple_products | In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39107 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39109 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39111 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39112 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39113 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39114 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39115 MISC |
unisoc — multiple_products | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39117 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39120 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39121 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39122 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39123 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39124 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39125 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39126 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39127 MISC |
unisoc — multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | 2022-10-14 | not yet calculated | CVE-2022-39128 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39108 MISC |
unisoc — multiple_products | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-39110 MISC |
unisoc — multiple_products | In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-2985 MISC |
unisoc — multiple_products | In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38679 MISC |
unisoc — multiple_products | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38670 MISC |
unisoc — multiple_products | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38669 MISC |
unisoc — multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38688 MISC |
unisoc — multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2022-10-14 | not yet calculated | CVE-2022-38689 MISC |
webid — webid | A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. | 2022-10-14 | not yet calculated | CVE-2022-41477 MISC |
webpack — loader-utils | A regular expression denial of service (ReDoS) flaw was found in the function interpolateName in interpolateName.js in webpack loader-utils 2.0.0, via the url variable. | 2022-10-14 | not yet calculated | CVE-2022-37603 MISC MISC MISC |
wolfssl — wolfssl | An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) | 2022-10-15 | not yet calculated | CVE-2022-42961 MISC |
wordpress — wordpress | Cross-site Scripting (XSS) – Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. | 2022-10-14 | not yet calculated | CVE-2022-3506 CONFIRM MISC |
wordpress — wordpress | Sensitive Data Exposure in Villatheme ALD – AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. | 2022-10-14 | not yet calculated | CVE-2022-41623 CONFIRM CONFIRM |
zoom — client_for_meetings | Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | 2022-10-14 | not yet calculated | CVE-2022-28762 MISC |
zoom — on-premise_meeting_connector_mmr | Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. | 2022-10-14 | not yet calculated | CVE-2022-28761 MISC |
zoom — on-premise_meeting_connector_mmr | Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | 2022-10-14 | not yet calculated | CVE-2022-28759 MISC |
zoom — on-premise_meeting_connector_mmr | Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | 2022-10-14 | not yet calculated | CVE-2022-28760 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.