US-CERT Bulletin (SB22-284):Vulnerability Summary for the Week of October 3, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
actian — psql If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. 2022-09-30 8.8 CVE-2022-40756
MISC
MISC
apache — airflow In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API. 2022-10-07 8.1 CVE-2022-41672
CONFIRM
CONFIRM
apache — commons_jxpath Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution. 2022-10-06 9.8 CVE-2022-41852
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-06 9.8 CVE-2022-37888
MISC
asus — rt-ax56u_firmware A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by “caupload” input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. 2022-10-06 8.8 CVE-2021-40556
CONFIRM
MISC
autodesk — autocad A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. 2022-10-03 7.8 CVE-2022-33885
MISC
autodesk — autocad A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. 2022-10-03 7.8 CVE-2022-33886
MISC
autodesk — autocad A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. 2022-10-03 7.8 CVE-2022-33887
MISC
autodesk — autocad A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-03 7.8 CVE-2022-33888
MISC
autodesk — autocad Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-03 7.5 CVE-2022-33884
MISC
autodesk — autodesk_desktop Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. 2022-10-03 9.8 CVE-2022-33882
MISC
autodesk — design_review A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. 2022-10-03 7.8 CVE-2022-33889
MISC
autodesk — design_review A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-03 7.8 CVE-2022-33890
MISC
autodesk — moldflow_synergy A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-03 7.8 CVE-2022-33883
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-03 7.8 CVE-2022-41301
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. 2022-10-03 8.8 CVE-2022-41428
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. 2022-10-03 8.8 CVE-2022-41429
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. 2022-10-03 8.8 CVE-2022-41430
MISC
backdropcms — backdrop_cms Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via ‘themes’ that allows attackers to Remote Code Execution. 2022-10-07 7.2 CVE-2022-42092
MISC
billing_system_project_project — billing_system_project Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. 2022-09-30 7.2 CVE-2022-41437
MISC
billing_system_project_project — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. 2022-09-30 7.2 CVE-2022-41439
MISC
billing_system_project_project — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. 2022-09-30 7.2 CVE-2022-41440
MISC
bookingultrapro — booking_ultra_pro_appointments_booking_calendar Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. 2022-09-30 8.8 CVE-2021-36854
CONFIRM
CONFIRM
bus_pass_management_system_project — bus_pass_management_system Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. 2022-09-30 9.8 CVE-2022-35156
MISC
MISC
MISC
cisco — ios_xe A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-09-30 7.5 CVE-2022-20847
CISCO
cisco — ios_xe A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-09-30 7.5 CVE-2022-20848
CISCO
cisco — ios_xe A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. 2022-09-30 7.5 CVE-2022-20856
CISCO
cisco — ios_xe A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. 2022-09-30 7.5 CVE-2022-20919
CISCO
cisco — ios_xe A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. 2022-09-30 7.2 CVE-2022-20851
CISCO
cisco — sd-wan_vbond_orchestrator Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. 2022-09-30 7.8 CVE-2022-20818
CISCO
cisco — sd-wan_vmanage Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. 2022-09-30 7.8 CVE-2022-20775
CISCO
cisco — sd-wan_vsmart_controller A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. 2022-09-30 7.1 CVE-2022-20850
CISCO
cloudflare — goflow sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. 2022-09-30 7.5 CVE-2022-2529
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. 2022-10-07 9.8 CVE-2022-40824
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. 2022-10-07 9.8 CVE-2022-40825
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. 2022-10-07 9.8 CVE-2022-40826
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. 2022-10-07 9.8 CVE-2022-40827
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. 2022-10-07 9.8 CVE-2022-40828
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. 2022-10-07 9.8 CVE-2022-40829
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. 2022-10-07 9.8 CVE-2022-40830
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. 2022-10-07 9.8 CVE-2022-40831
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. 2022-10-07 9.8 CVE-2022-40832
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. 2022-10-07 9.8 CVE-2022-40833
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. 2022-10-07 9.8 CVE-2022-40834
MISC
codeigniter — codeigniter B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. 2022-10-07 9.8 CVE-2022-40835
MISC
creativedream_file_uploader_project — creativedream_file_uploader Arbitrary file upload vulnerability in php uploader 2022-10-03 9.8 CVE-2022-40721
MISC
MISC
MLIST
css-what_project — css-what The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. 2022-09-30 7.5 CVE-2022-21222
CONFIRM
CONFIRM
dairy_farm_shop_management_system_project — dairy_farm_shop_management_system Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. 2022-09-30 9.8 CVE-2022-40943
MISC
MISC
dairy_farm_shop_management_system_project — dairy_farm_shop_management_system Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. 2022-09-30 9.8 CVE-2022-40944
MISC
MISC
MISC
dedecms — dedecms DedeCMS 5.7.98 has a file upload vulnerability in the background. 2022-10-03 7.2 CVE-2022-40886
MISC
dell — hybrid_client Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 2022-09-30 7.1 CVE-2022-34429
MISC
fasterxml — jackson-databind In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. 2022-10-02 7.5 CVE-2022-42003
MISC
MISC
MISC
fasterxml — jackson-databind In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. 2022-10-02 7.5 CVE-2022-42004
MISC
MISC
MISC
flyte — flyteadmin FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte Propeller even after turning on authentication via a hardcoded hashed password. This password is also set on the default Flyte Propeller configmap in the various Flyte Helm charts. Users who enable auth but do not override this setting in Flyte Admin’s configuration may unbeknownst to them be allowing public traffic in by way of this default password with attackers effectively impersonating propeller. This only applies to users who have not specified the ExternalAuthorizationServer setting. Usage of an external auth server automatically turns off this default configuration and are not susceptible to this vulnerability. This issue has been addressed in version 1.1.44. Users should manually set the staticClients in the selfAuthServer section of their configuration if they intend to rely on Admin’s internal auth server. Again, users who use an external auth server are automatically protected from this vulnerability. 2022-10-06 7.5 CVE-2022-39273
MISC
CONFIRM
MISC
generex — cs141_firmware Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh). 2022-10-06 7.2 CVE-2022-42457
MISC
MISC
MISC
google — android Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. 2022-10-07 7.8 CVE-2022-39854
MISC
gridea — gridea Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the ‘nodeIntegration’ option enabled. 2022-09-30 7.8 CVE-2022-40274
MISC
MISC
hitachi — storage_plug-in Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects: Hitachi Storage Plug-in for VMware vCenter 04.8.0. 2022-10-06 8.8 CVE-2022-2637
MISC
htmly — htmly Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. 2022-09-30 8.1 CVE-2021-33354
MISC
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889. 2022-10-07 7.5 CVE-2022-22480
XF
CONFIRM
ibm — websphere_automation_for_ibm_cloud_pak_for_watson_aiops IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. 2022-10-07 8.8 CVE-2022-22493
XF
CONFIRM
ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. 2022-10-06 9.8 CVE-2022-3273
MISC
CONFIRM
ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. 2022-09-30 7.5 CVE-2022-3371
CONFIRM
MISC
ikus-soft — rdiffweb Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. 2022-10-06 7.5 CVE-2022-3389
CONFIRM
MISC
innovaphone — innovaphone_firmware AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. 2022-09-30 9.8 CVE-2022-41870
MISC
joplinapp — joplin Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the ‘shell.openExternal’ function. 2022-09-30 7.8 CVE-2022-40277
MISC
MISC
lighttpd — lighttpd A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. 2022-10-06 7.5 CVE-2022-41556
MISC
MISC
MISC
linuxfoundation — dapr_dashboard Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. 2022-10-03 7.5 CVE-2022-38817
MISC
MISC
microsoft — exchange_server Microsoft Exchange Server Elevation of Privilege Vulnerability. 2022-10-03 8.8 CVE-2022-41040
MISC
CERT-VN
microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability. 2022-10-03 8.8 CVE-2022-41082
MISC
CERT-VN
mojoportal — mojoportal mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. 2022-09-30 8.8 CVE-2022-40341
MISC
MISC
moodle — moodle A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. 2022-09-30 9.8 CVE-2022-40314
MISC
MISC
moodle — moodle A limited SQL injection risk was identified in the “browse list of users” site administration page. 2022-09-30 9.8 CVE-2022-40315
MISC
MISC
moodle — moodle Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. 2022-10-06 8.8 CVE-2022-2986
MISC
MISC
moodle — moodle Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. 2022-09-30 7.1 CVE-2022-40313
MISC
MISC
mybb — mybb MyBB is a free and open source forum software. The _Mail Settings_ ? Additional Parameters for PHP’s mail() function mail_parameters setting value, in connection with the configured mail program’s options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-10-06 7.2 CVE-2022-39265
MISC
CONFIRM
MISC
MISC
najeebmedia — frontend_file_manager The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE 2022-10-03 8.8 CVE-2022-3125
MISC
nedi — nedi In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=. 2022-10-06 9.1 CVE-2022-40895
MISC
MISC
MISC
octopus — octopus_server In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. 2022-09-30 9.8 CVE-2022-2778
MISC
omron — cx-programmer OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. 2022-10-06 9.8 CVE-2022-3396
CONFIRM
omron — cx-programmer OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. 2022-10-06 9.8 CVE-2022-3397
CONFIRM
omron — cx-programmer OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. 2022-10-06 9.8 CVE-2022-3398
CONFIRM
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-07 7.2 CVE-2022-41512
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. 2022-10-07 7.2 CVE-2022-41513
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. 2022-10-07 7.2 CVE-2022-42073
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. 2022-10-07 7.2 CVE-2022-42074
MISC
online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. 2022-10-06 7.2 CVE-2022-41355
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. 2022-10-07 7.2 CVE-2022-41377
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. 2022-10-07 7.2 CVE-2022-41378
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. 2022-10-07 7.2 CVE-2022-41514
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. 2022-10-07 7.2 CVE-2022-41515
MISC
orchest — orchest ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user’s account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at [email protected] 2022-09-30 8.1 CVE-2022-39268
MISC
MISC
MISC
CONFIRM
phpipam — phpipam phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. 2022-10-03 9.8 CVE-2022-41443
MISC
pjsip — pjsip PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-06 9.8 CVE-2022-39244
MISC
CONFIRM
pjsip — pjsip PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. 2022-10-06 9.1 CVE-2022-39269
MISC
CONFIRM
pyup — dependency_parser dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. 2022-10-06 7.5 CVE-2022-39280
MISC
MISC
MISC
CONFIRM
realvnc — vnc_server RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. 2022-09-30 7.8 CVE-2022-41975
MISC
samsung — factorycamera Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. 2022-10-07 7.8 CVE-2022-39858
MISC
semtech — loramac-node LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`. 2022-10-06 9.8 CVE-2022-39274
MISC
MISC
CONFIRM
simple_cold_storage_management_system_project — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. 2022-10-06 7.2 CVE-2022-42241
MISC
simple_cold_storage_management_system_project — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. 2022-10-06 7.2 CVE-2022-42242
MISC
simple_cold_storage_management_system_project — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. 2022-10-06 7.2 CVE-2022-42243
MISC
simple_cold_storage_management_system_project — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. 2022-10-06 7.2 CVE-2022-42249
MISC
simple_cold_storage_management_system_project — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. 2022-10-06 7.2 CVE-2022-42250
MISC
simple_e-learning_system_project — simple_e-learning_system An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. 2022-10-07 9.8 CVE-2022-40872
MISC
snyk — cli Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957. 2022-10-03 7.8 CVE-2022-40764
MISC
MISC
MISC
MISC
solarwinds — orion_platform A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. 2022-09-30 8.8 CVE-2022-36961
MISC
MISC
sonicjs — sonicjs SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. 2022-10-01 9.1 CVE-2022-42002
MISC
MISC
swmansion — react_native_reanimated The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. 2022-09-30 7.5 CVE-2022-24373
CONFIRM
CONFIRM
CONFIRM
CONFIRM
sylabs — singularity_image_format syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. 2022-10-06 9.8 CVE-2022-39237
CONFIRM
MISC
tooljet — tooljet Account Takeover :: when see the info i can see the hash pass i can creaked it …………… Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass 2022-10-07 7.5 CVE-2022-3422
CONFIRM
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. 2022-10-03 9.8 CVE-2022-42302
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. 2022-10-03 9.8 CVE-2022-42303
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. 2022-10-03 9.8 CVE-2022-42304
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. 2022-10-03 9.8 CVE-2022-42307
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. 2022-10-03 8.8 CVE-2022-42301
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. 2022-10-03 7.5 CVE-2022-42299
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. 2022-10-03 7.5 CVE-2022-42305
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. 2022-10-03 7.1 CVE-2022-42308
MISC
vmware — rabbitmq RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins. 2022-10-06 7.5 CVE-2022-31008
MISC
CONFIRM
web-based_student_clearance_system_project — web-based_student_clearance_system A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210246 is the identifier assigned to this vulnerability. 2022-10-07 9.8 CVE-2022-3414
N/A
N/A
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — experience_manager Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. 2022-09-30 5.4 CVE-2022-28851
MISC
apache — commons_jxpath Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. 2022-10-06 6.5 CVE-2022-40157
MISC
apache — commons_jxpath Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. 2022-10-06 6.5 CVE-2022-40158
MISC
apache — commons_jxpath Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. 2022-10-06 6.5 CVE-2022-40159
MISC
apache — commons_jxpath Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. 2022-10-06 6.5 CVE-2022-40160
MISC
apache — commons_jxpath Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. 2022-10-06 6.5 CVE-2022-40161
MISC
avaya — aura_application_enablement_services A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. 2022-10-06 6.7 CVE-2022-2975
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary. 2022-10-03 6.5 CVE-2022-41419
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component. 2022-10-03 6.5 CVE-2022-41423
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls. 2022-10-03 6.5 CVE-2022-41424
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt. 2022-10-03 6.5 CVE-2022-41425
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split. 2022-10-03 6.5 CVE-2022-41426
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux. 2022-10-03 6.5 CVE-2022-41427
MISC
axiosys — bento4 An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File. 2022-09-30 5.5 CVE-2022-41841
MISC
axiosys — bento4 An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h. 2022-09-30 5.5 CVE-2022-41845
MISC
MISC
axiosys — bento4 An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. 2022-09-30 5.5 CVE-2022-41846
MISC
MISC
axiosys — bento4 An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. 2022-09-30 5.5 CVE-2022-41847
MISC
MISC
MISC
beckmancoulter — remisol_advance The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. 2022-10-06 5.5 CVE-2022-26237
MISC
MISC
beckmancoulter — remisol_advance The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. 2022-10-06 5.5 CVE-2022-26239
MISC
MISC
bookingultrapro — booking_ultra_pro_appointments_booking_calendar Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. 2022-09-30 6.1 CVE-2021-36855
CONFIRM
CONFIRM
bosch — bosch_video_management_system Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x. 2022-09-30 5.9 CVE-2022-32540
CONFIRM
bus_pass_management_system_project — bus_pass_management_system Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. 2022-09-30 6.1 CVE-2022-35155
MISC
MISC
MISC
canon — medical_vitrea_view Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information. 2022-09-30 6.1 CVE-2022-37461
MISC
MISC
CONFIRM
centreon — centreon A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. 2022-10-06 5.4 CVE-2022-39988
MISC
cisco — aironet_1542d_firmware A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. 2022-09-30 4.7 CVE-2022-20728
CISCO
cisco — catalyst_9800-l_firmware A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. 2022-09-30 6.5 CVE-2022-20945
CISCO
cisco — duo A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user. 2022-09-30 6.8 CVE-2022-20662
CISCO
cisco — ios_xe A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller. 2022-09-30 6.7 CVE-2022-20855
CISCO
cisco — ios_xe A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device. 2022-09-30 6.5 CVE-2022-20810
CISCO
cisco — sd-wan A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. 2022-09-30 5.3 CVE-2022-20844
CISCO
cisco — sd-wan_vmanage A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. 2022-09-30 6.7 CVE-2022-20930
CISCO
cisco — wireless_lan_controller_software A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled. 2022-09-30 6.5 CVE-2022-20769
CISCO
comment_guestbook_project — comment_guestbook Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. 2022-09-30 4.8 CVE-2021-36830
CONFIRM
CONFIRM
discourse — discotoc DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level – configured in component’s settings) are able to inject arbitrary HTML on that topic’s page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component. 2022-10-06 5.4 CVE-2022-39270
MISC
CONFIRM
dnnsoftware — dotnetnuke Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. 2022-09-30 4.9 CVE-2022-2922
MISC
CONFIRM
donation_thermometer_project — donation_thermometer The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-03 4.8 CVE-2022-3128
MISC
dsgvo-for-wp — dsgvo_all_in_one_for_wp The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-03 4.8 CVE-2022-2628
MISC
goolytics_project — goolytics The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-10-03 4.8 CVE-2022-3132
MISC
heartex — label_studio A Server Side Request Forgery (SSRF) in the Data Import module in Heartex – Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF. 2022-10-03 6.5 CVE-2022-36551
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. 2022-10-07 5.5 CVE-2022-34308
CONFIRM
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. 2022-10-07 6.5 CVE-2022-36772
XF
CONFIRM
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. 2022-10-07 6.5 CVE-2022-41291
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. 2022-10-07 5.5 CVE-2022-30613
XF
CONFIRM
ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. 2022-10-06 6.5 CVE-2022-41294
XF
CONFIRM
ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. 2022-10-06 6.1 CVE-2022-22503
XF
CONFIRM
ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. 2022-10-06 5.3 CVE-2022-36774
XF
CONFIRM
ibm — robotic_process_automation_for_cloud_pak IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. 2022-10-06 6.1 CVE-2022-38709
XF
CONFIRM
lief-project — lief A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. 2022-10-03 6.5 CVE-2022-40922
MISC
lief-project — lief A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. 2022-09-30 6.5 CVE-2022-40923
MISC
linux — linux_kernel roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. 2022-09-30 4.7 CVE-2022-41850
MISC
linux — linux_kernel drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. 2022-09-30 4.2 CVE-2022-41848
MISC
MISC
linux — linux_kernel drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. 2022-09-30 4.2 CVE-2022-41849
MISC
linuxfoundation — dex Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-06 6.5 CVE-2022-39222
CONFIRM
MISC
mojoportal — mojoportal mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the “f” parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. 2022-10-03 6.5 CVE-2022-40123
MISC
MISC
moodle — moodle The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. 2022-09-30 4.3 CVE-2022-40316
MISC
MISC
najeebmedia — frontend_file_manager The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server 2022-10-03 5.3 CVE-2022-3124
MISC
nasm — netwide_assembler nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component 2022-10-03 5.5 CVE-2022-41420
MISC
octopus — octopus_server In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. 2022-10-06 5.3 CVE-2022-2781
MISC
octopus — octopus_server In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token 2022-10-06 5.3 CVE-2022-2783
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. 2022-10-07 6.1 CVE-2020-15855
MISC
orchardcore — orchardcore In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. 2022-10-03 5.4 CVE-2022-32173
MISC
MISC
pfsense — pfsense pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. 2022-10-03 6.1 CVE-2022-42247
MISC
MISC
pingidentity — pingcentral PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. 2022-09-30 4.9 CVE-2022-23726
MISC
CONFIRM
pulsesecure — pulse_connect_secure Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request’s Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. 2022-09-30 5.4 CVE-2022-21826
MISC
pyup — dependency_parser Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-06 4.3 CVE-2022-39275
CONFIRM
MISC
quizandsurveymaster — quiz_and_survey_master Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. 2022-09-30 4.3 CVE-2021-36865
CONFIRM
CONFIRM
samsung — factorycamerafb Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. 2022-10-07 5.5 CVE-2022-39857
MISC
samsung — group_sharing Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. 2022-10-07 5.3 CVE-2022-39877
MISC
samsung — internet Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. 2022-10-07 4.6 CVE-2022-39873
MISC
solarwinds — solarwinds_platform Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). 2022-09-30 6.1 CVE-2022-36965
CONFIRM
CONFIRM
spacexchimp — social_media_follow_buttons_bar Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. 2022-09-30 4.8 CVE-2021-36839
CONFIRM
CONFIRM
spsoftmobile — applock AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. 2022-09-30 6.6 CVE-2022-1959
MISC
MISC
suse — linux_enterprise_server A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225. 2022-10-06 4.4 CVE-2022-31252
CONFIRM
veritas — netbackup An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) 2022-10-03 6.5 CVE-2022-42300
MISC
veritas — netbackup An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. 2022-10-03 5.5 CVE-2022-42306
MISC
wp_socializer_project — wp_socializer The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-03 4.8 CVE-2022-2763
MISC
xgenecloud — nocodb Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0. 2022-10-07 6.5 CVE-2022-3423
CONFIRM
MISC
xpdfreader — xpdf An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. 2022-09-30 5.5 CVE-2022-41842
MISC
MISC
xpdfreader — xpdf An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. 2022-09-30 5.5 CVE-2022-41843
MISC
MISC
xpdfreader — xpdf An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. 2022-09-30 5.5 CVE-2022-41844
MISC
MISC
MISC
yetiforce — yetiforce_customer_relationship_management Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. 2022-10-06 5.4 CVE-2022-3002
MISC
CONFIRM
zephyr-one — zephyr_project_manager The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins. 2022-10-03 5.4 CVE-2022-2839
MISC
zinclabs — zinc In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials. 2022-10-06 5.4 CVE-2022-32171
MISC
MISC
zinclabs — zinc In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials. 2022-10-06 5.4 CVE-2022-32172
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dell — hybrid_client Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. 2022-09-30 2.7 CVE-2022-34428
MISC
google — android Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. 2022-10-07 3.3 CVE-2022-39848
MISC
google — android Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. 2022-10-07 3.3 CVE-2022-39849
MISC
google — android Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. 2022-10-07 3.3 CVE-2022-39850
MISC
google — android Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. 2022-10-07 3.3 CVE-2022-39856
MISC
samsung — uphelper_library Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent. 2022-10-07 3.3 CVE-2022-39859
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
aruba — multiple_products There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 not yet calculated CVE-2022-37885
MISC
aruba — multiple_products An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 not yet calculated CVE-2022-37894
MISC
aruba — multiple_products An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 not yet calculated CVE-2022-37895
MISC
aruba — multiple_products A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 not yet calculated CVE-2022-37896
MISC
aruba — multiple_products
 
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 not yet calculated CVE-2022-37886
MISC
aruba — multiple_products
 
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 not yet calculated CVE-2022-37887
MISC
aruba — multiple_products
 
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 not yet calculated CVE-2022-37889
MISC
aruba — multiple_products
 
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 not yet calculated CVE-2022-37890
MISC
aruba — multiple_products
 
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. 2022-10-07 not yet calculated CVE-2022-37891
MISC
aruba — multiple_products
 
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability. 2022-10-07 not yet calculated CVE-2022-37892
MISC
aruba — multiple_products
 
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 not yet calculated CVE-2022-37893
MISC
autodesk — image_processing A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 not yet calculated CVE-2021-40162
MISC
autodesk — image_processing A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. 2022-10-07 not yet calculated CVE-2021-40163
MISC
autodesk — image_processing A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 not yet calculated CVE-2021-40164
MISC
autodesk — image_processing A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 not yet calculated CVE-2021-40165
MISC
autodesk — image_processing A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code. 2022-10-07 not yet calculated CVE-2021-40166
MISC
beckman_coulter — remisol_advance A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows. 2022-10-06 not yet calculated CVE-2022-26235
MISC
MISC
beckman_coulter — remisol_advance The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. 2022-10-06 not yet calculated CVE-2022-26236
MISC
MISC
beckman_coulter — remisol_advance The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. 2022-10-06 not yet calculated CVE-2022-26238
MISC
MISC
beckman_coulter — remisol_advance The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. 2022-10-06 not yet calculated CVE-2022-26240
MISC
MISC
codeigniter — codeigniter
 
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA. 2022-10-06 not yet calculated CVE-2022-39284
MISC
MISC
CONFIRM
MISC
MISC
MISC
discourse — discourse-chat
 
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel’s name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-06 not yet calculated CVE-2022-39279
CONFIRM
MISC
facebook — hermes It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0. 2022-10-06 not yet calculated CVE-2022-27810
CONFIRM
fat_free_crm — fat_free_crm
 
fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue. 2022-10-08 not yet calculated CVE-2022-39281
MISC
MISC
CONFIRM

gradle_enterprise — gradle_enterprise

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. 2022-10-07 not yet calculated CVE-2022-41574
MISC
MISC
hancom — office_2020
 
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability. 2022-10-07 not yet calculated CVE-2022-33896
MISC

hsqldb — hsqldb

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property “hsqldb.method_class_names” to classes which are allowed to be called. For example, System.setProperty(“hsqldb.method_class_names”, “abc”) or Java argument -Dhsqldb.method_class_names=”abc” can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled. 2022-10-06 not yet calculated CVE-2022-41853
MISC
MISC
ikus060 — rdiffweb
 
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. 2022-10-06 not yet calculated CVE-2022-3376
MISC
CONFIRM
internet_systems_consortium — dhcp
 
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option’s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. 2022-10-07 not yet calculated CVE-2022-2928
CONFIRM
internet_systems_consortium — dhcp
 
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. 2022-10-07 not yet calculated CVE-2022-2929
CONFIRM
johnson_controls — metasys_adx_server
 
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. 2022-10-07 not yet calculated CVE-2022-21936
CERT
CONFIRM

liferay — liferay_portal

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. 2022-10-07 not yet calculated CVE-2022-41414
MISC
linux — kernel A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. 2022-10-08 not yet calculated CVE-2022-3435
N/A
N/A
mediatek — cpu_dvfs In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405. 2022-10-07 not yet calculated CVE-2022-32592
MISC
mediatek — ims In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. 2022-10-07 not yet calculated CVE-2022-26472
MISC
mediatek — isp In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. 2022-10-07 not yet calculated CVE-2022-26452
MISC
mediatek — ril
 
In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. 2022-10-07 not yet calculated CVE-2022-32591
MISC
mediatek — sensorhub In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. 2022-10-07 not yet calculated CVE-2022-26474
MISC
mediatek — telephony In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121. 2022-10-07 not yet calculated CVE-2022-26471
MISC
mediatek — vdec_fmt In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. 2022-10-07 not yet calculated CVE-2022-26473
MISC
mediatek — vowe
 
In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. 2022-10-07 not yet calculated CVE-2022-32593
MISC
mediatek — wi-fi_driver
 
In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600. 2022-10-07 not yet calculated CVE-2022-32589
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. 2022-10-07 not yet calculated CVE-2022-26475
MISC
mediatek — wlan
 
In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. 2022-10-07 not yet calculated CVE-2022-32590
MISC
nps — nps NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. 2022-10-06 not yet calculated CVE-2022-40494
MISC
MISC

online_leave_management_system — online_leave_management_system

An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-07 not yet calculated CVE-2022-41379
MISC

panini — panini_everest_engine 

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. 2022-10-07 not yet calculated CVE-2022-39959
MISC
MISC
perforce — puppet Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. 2022-10-07 not yet calculated CVE-2022-3276
MISC
perforce — puppet
 
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. 2022-10-07 not yet calculated CVE-2022-3275
MISC
picuploader — picuploader PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. 2022-10-07 not yet calculated CVE-2022-41442
MISC
MISC
samsung — cocktailbarservice Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. 2022-10-07 not yet calculated CVE-2022-39851
MISC

samsung — dynamic_lockscreen

Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. 2022-10-07 not yet calculated CVE-2022-39862
MISC
samsung — facm Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. 2022-10-07 not yet calculated CVE-2022-39855
MISC

samsung — factorycamera

Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. 2022-10-07 not yet calculated CVE-2022-39861
MISC
samsung — libagifencoder.quram.so_library A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. 2022-10-07 not yet calculated CVE-2022-39852
MISC
samsung — mobile Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. 2022-10-07 not yet calculated CVE-2022-39847
MISC
samsung — mousenkeyhiddevice Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. 2022-10-07 not yet calculated CVE-2022-36868
MISC
samsung — perf-mgr_driver A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. 2022-10-07 not yet calculated CVE-2022-39853
MISC
samsung — quickshare Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 not yet calculated CVE-2022-39860
MISC
samsung — samsung_account Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. 2022-10-07 not yet calculated CVE-2022-39863
MISC

samsung — samsung_account

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. 2022-10-07 not yet calculated CVE-2022-39874
MISC

samsung — samsung_account

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. 2022-10-07 not yet calculated CVE-2022-39875
MISC
samsung — samsung_checkout Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. 2022-10-07 not yet calculated CVE-2022-39878
MISC

samsung — sharelive

Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. 2022-10-07 not yet calculated CVE-2022-39872
MISC

samsung — smartthings

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. 2022-10-07 not yet calculated CVE-2022-39864
MISC

samsung — smartthings

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 not yet calculated CVE-2022-39865
MISC

samsung — smartthings

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 not yet calculated CVE-2022-39866
MISC

samsung — smartthings

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. 2022-10-07 not yet calculated CVE-2022-39867
MISC

samsung — smartthings

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 not yet calculated CVE-2022-39868
MISC

samsung — smartthings

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. 2022-10-07 not yet calculated CVE-2022-39869
MISC

samsung — smartthings

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. 2022-10-07 not yet calculated CVE-2022-39870
MISC

samsung — smartthings

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. 2022-10-07 not yet calculated CVE-2022-39871
MISC
samsung — sreminder Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. 2022-10-07 not yet calculated CVE-2022-39876
MISC
sourcecodester — student_clearance_system
 
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356. 2022-10-08 not yet calculated CVE-2022-3434
N/A
N/A
tiny-csrf — tiny-csrf
 
tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-07 not yet calculated CVE-2022-39287
CONFIRM
MISC
totaljs — totaljs A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. 2022-10-07 not yet calculated CVE-2022-41392
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function 2022-10-06 not yet calculated CVE-2022-41517
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. 2022-10-06 not yet calculated CVE-2022-41518
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. 2022-10-06 not yet calculated CVE-2022-41520
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. 2022-10-06 not yet calculated CVE-2022-41521
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the “main” function. 2022-10-06 not yet calculated CVE-2022-41522
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. 2022-10-06 not yet calculated CVE-2022-41523
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. 2022-10-06 not yet calculated CVE-2022-41524
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. 2022-10-06 not yet calculated CVE-2022-41525
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. 2022-10-06 not yet calculated CVE-2022-41526
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. 2022-10-06 not yet calculated CVE-2022-41527
MISC

totolink — totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. 2022-10-06 not yet calculated CVE-2022-41528
MISC
vmware — multiple_products
 
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. 2022-10-07 not yet calculated CVE-2022-31680
MISC
MISC
vmware — multiple_products
 
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. 2022-10-07 not yet calculated CVE-2022-31681
MISC
wedding_planner — wedding_planner Wedding Planner v1.0 is vulnerable to has arbitrary code execution. 2022-10-07 not yet calculated CVE-2022-42075
MISC
zkteco — zkbiosecurity An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. 2022-10-07 not yet calculated CVE-2022-36634
MISC
MISC
MISC
zkteco — zkbiosecurity ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. 2022-10-07 not yet calculated CVE-2022-36635
MISC
MISC
MISC
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-10-07 not yet calculated CVE-2022-39290
CONFIRM
MISC
zoneminder — zoneminder
 
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current “tr” “td” brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the “view=log” page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. 2022-10-07 not yet calculated CVE-2022-39285
MISC
MISC
CONFIRM
zoneminder — zoneminder
 
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging. 2022-10-07 not yet calculated CVE-2022-39289
MISC
CONFIRM
zoneminder — zoneminder
 
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with “View” system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the “/zm/index.php” endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-07 not yet calculated CVE-2022-39291
MISC
MISC
MISC
CONFIRM
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn