US-CERT Bulletin (SB22-284):Vulnerability Summary for the Week of October 3, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| actian — psql | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | 2022-09-30 | 8.8 | CVE-2022-40756 MISC MISC |
| apache — airflow | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API. | 2022-10-07 | 8.1 | CVE-2022-41672 CONFIRM CONFIRM |
| apache — commons_jxpath | Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution. | 2022-10-06 | 9.8 | CVE-2022-41852 MISC |
| arubanetworks — instant | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | 2022-10-06 | 9.8 | CVE-2022-37888 MISC |
| asus — rt-ax56u_firmware | A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by “caupload” input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. | 2022-10-06 | 8.8 | CVE-2021-40556 CONFIRM MISC |
| autodesk — autocad | A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. | 2022-10-03 | 7.8 | CVE-2022-33885 MISC |
| autodesk — autocad | A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. | 2022-10-03 | 7.8 | CVE-2022-33886 MISC |
| autodesk — autocad | A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33887 MISC |
| autodesk — autocad | A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33888 MISC |
| autodesk — autocad | Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.5 | CVE-2022-33884 MISC |
| autodesk — autodesk_desktop | Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. | 2022-10-03 | 9.8 | CVE-2022-33882 MISC |
| autodesk — design_review | A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. | 2022-10-03 | 7.8 | CVE-2022-33889 MISC |
| autodesk — design_review | A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33890 MISC |
| autodesk — moldflow_synergy | A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33883 MISC |
| autodesk — subassembly_composer | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-41301 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. | 2022-10-03 | 8.8 | CVE-2022-41428 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. | 2022-10-03 | 8.8 | CVE-2022-41429 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. | 2022-10-03 | 8.8 | CVE-2022-41430 MISC |
| backdropcms — backdrop_cms | Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via ‘themes’ that allows attackers to Remote Code Execution. | 2022-10-07 | 7.2 | CVE-2022-42092 MISC |
| billing_system_project_project — billing_system_project | Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. | 2022-09-30 | 7.2 | CVE-2022-41437 MISC |
| billing_system_project_project — billing_system_project | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. | 2022-09-30 | 7.2 | CVE-2022-41439 MISC |
| billing_system_project_project — billing_system_project | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | 2022-09-30 | 7.2 | CVE-2022-41440 MISC |
| bookingultrapro — booking_ultra_pro_appointments_booking_calendar | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 2022-09-30 | 8.8 | CVE-2021-36854 CONFIRM CONFIRM |
| bus_pass_management_system_project — bus_pass_management_system | Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. | 2022-09-30 | 9.8 | CVE-2022-35156 MISC MISC MISC |
| cisco — ios_xe | A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20847 CISCO |
| cisco — ios_xe | A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20848 CISCO |
| cisco — ios_xe | A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20856 CISCO |
| cisco — ios_xe | A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20919 CISCO |
| cisco — ios_xe | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. | 2022-09-30 | 7.2 | CVE-2022-20851 CISCO |
| cisco — sd-wan_vbond_orchestrator | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | 7.8 | CVE-2022-20818 CISCO |
| cisco — sd-wan_vmanage | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | 7.8 | CVE-2022-20775 CISCO |
| cisco — sd-wan_vsmart_controller | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | 2022-09-30 | 7.1 | CVE-2022-20850 CISCO |
| cloudflare — goflow | sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. | 2022-09-30 | 7.5 | CVE-2022-2529 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. | 2022-10-07 | 9.8 | CVE-2022-40824 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. | 2022-10-07 | 9.8 | CVE-2022-40825 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. | 2022-10-07 | 9.8 | CVE-2022-40826 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. | 2022-10-07 | 9.8 | CVE-2022-40827 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. | 2022-10-07 | 9.8 | CVE-2022-40828 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. | 2022-10-07 | 9.8 | CVE-2022-40829 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. | 2022-10-07 | 9.8 | CVE-2022-40830 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. | 2022-10-07 | 9.8 | CVE-2022-40831 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. | 2022-10-07 | 9.8 | CVE-2022-40832 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. | 2022-10-07 | 9.8 | CVE-2022-40833 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. | 2022-10-07 | 9.8 | CVE-2022-40834 MISC |
| codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. | 2022-10-07 | 9.8 | CVE-2022-40835 MISC |
| creativedream_file_uploader_project — creativedream_file_uploader | Arbitrary file upload vulnerability in php uploader | 2022-10-03 | 9.8 | CVE-2022-40721 MISC MISC MLIST |
| css-what_project — css-what | The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | 2022-09-30 | 7.5 | CVE-2022-21222 CONFIRM CONFIRM |
| dairy_farm_shop_management_system_project — dairy_farm_shop_management_system | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. | 2022-09-30 | 9.8 | CVE-2022-40943 MISC MISC |
| dairy_farm_shop_management_system_project — dairy_farm_shop_management_system | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. | 2022-09-30 | 9.8 | CVE-2022-40944 MISC MISC MISC |
| dedecms — dedecms | DedeCMS 5.7.98 has a file upload vulnerability in the background. | 2022-10-03 | 7.2 | CVE-2022-40886 MISC |
| dell — hybrid_client | Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 2022-09-30 | 7.1 | CVE-2022-34429 MISC |
| fasterxml — jackson-databind | In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 2022-10-02 | 7.5 | CVE-2022-42003 MISC MISC MISC |
| fasterxml — jackson-databind | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | 2022-10-02 | 7.5 | CVE-2022-42004 MISC MISC MISC |
| flyte — flyteadmin | FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte Propeller even after turning on authentication via a hardcoded hashed password. This password is also set on the default Flyte Propeller configmap in the various Flyte Helm charts. Users who enable auth but do not override this setting in Flyte Admin’s configuration may unbeknownst to them be allowing public traffic in by way of this default password with attackers effectively impersonating propeller. This only applies to users who have not specified the ExternalAuthorizationServer setting. Usage of an external auth server automatically turns off this default configuration and are not susceptible to this vulnerability. This issue has been addressed in version 1.1.44. Users should manually set the staticClients in the selfAuthServer section of their configuration if they intend to rely on Admin’s internal auth server. Again, users who use an external auth server are automatically protected from this vulnerability. | 2022-10-06 | 7.5 | CVE-2022-39273 MISC CONFIRM MISC |
| generex — cs141_firmware | Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh). | 2022-10-06 | 7.2 | CVE-2022-42457 MISC MISC MISC |
| google — android | Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. | 2022-10-07 | 7.8 | CVE-2022-39854 MISC |
| gridea — gridea | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the ‘nodeIntegration’ option enabled. | 2022-09-30 | 7.8 | CVE-2022-40274 MISC MISC |
| hitachi — storage_plug-in | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects: Hitachi Storage Plug-in for VMware vCenter 04.8.0. | 2022-10-06 | 8.8 | CVE-2022-2637 MISC |
| htmly — htmly | Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | 2022-09-30 | 8.1 | CVE-2021-33354 MISC |
| ibm — qradar_security_information_and_event_manager | IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889. | 2022-10-07 | 7.5 | CVE-2022-22480 XF CONFIRM |
| ibm — websphere_automation_for_ibm_cloud_pak_for_watson_aiops | IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. | 2022-10-07 | 8.8 | CVE-2022-22493 XF CONFIRM |
| ikus-soft — rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | 2022-10-06 | 9.8 | CVE-2022-3273 MISC CONFIRM |
| ikus-soft — rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 2022-09-30 | 7.5 | CVE-2022-3371 CONFIRM MISC |
| ikus-soft — rdiffweb | Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. | 2022-10-06 | 7.5 | CVE-2022-3389 CONFIRM MISC |
| innovaphone — innovaphone_firmware | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | 2022-09-30 | 9.8 | CVE-2022-41870 MISC |
| joplinapp — joplin | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the ‘shell.openExternal’ function. | 2022-09-30 | 7.8 | CVE-2022-40277 MISC MISC |
| lighttpd — lighttpd | A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. | 2022-10-06 | 7.5 | CVE-2022-41556 MISC MISC MISC |
| linuxfoundation — dapr_dashboard | Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. | 2022-10-03 | 7.5 | CVE-2022-38817 MISC MISC |
| microsoft — exchange_server | Microsoft Exchange Server Elevation of Privilege Vulnerability. | 2022-10-03 | 8.8 | CVE-2022-41040 MISC CERT-VN |
| microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability. | 2022-10-03 | 8.8 | CVE-2022-41082 MISC CERT-VN |
| mojoportal — mojoportal | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | 2022-09-30 | 8.8 | CVE-2022-40341 MISC MISC |
| moodle — moodle | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | 2022-09-30 | 9.8 | CVE-2022-40314 MISC MISC |
| moodle — moodle | A limited SQL injection risk was identified in the “browse list of users” site administration page. | 2022-09-30 | 9.8 | CVE-2022-40315 MISC MISC |
| moodle — moodle | Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | 2022-10-06 | 8.8 | CVE-2022-2986 MISC MISC |
| moodle — moodle | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 2022-09-30 | 7.1 | CVE-2022-40313 MISC MISC |
| mybb — mybb | MyBB is a free and open source forum software. The _Mail Settings_ ? Additional Parameters for PHP’s mail() function mail_parameters setting value, in connection with the configured mail program’s options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-10-06 | 7.2 | CVE-2022-39265 MISC CONFIRM MISC MISC |
| najeebmedia — frontend_file_manager | The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE | 2022-10-03 | 8.8 | CVE-2022-3125 MISC |
| nedi — nedi | In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=. | 2022-10-06 | 9.1 | CVE-2022-40895 MISC MISC MISC |
| octopus — octopus_server | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 2022-09-30 | 9.8 | CVE-2022-2778 MISC |
| omron — cx-programmer | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | 2022-10-06 | 9.8 | CVE-2022-3396 CONFIRM |
| omron — cx-programmer | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | 2022-10-06 | 9.8 | CVE-2022-3397 CONFIRM |
| omron — cx-programmer | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | 2022-10-06 | 9.8 | CVE-2022-3398 CONFIRM |
| online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-07 | 7.2 | CVE-2022-41512 MISC |
| online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. | 2022-10-07 | 7.2 | CVE-2022-41513 MISC |
| online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | 2022-10-07 | 7.2 | CVE-2022-42073 MISC |
| online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | 2022-10-07 | 7.2 | CVE-2022-42074 MISC |
| online_leave_management_system_project — online_leave_management_system | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. | 2022-10-06 | 7.2 | CVE-2022-41355 MISC |
| online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | 2022-10-07 | 7.2 | CVE-2022-41377 MISC |
| online_pet_shop_we_app_project — online_pet_shop_we_app | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. | 2022-10-07 | 7.2 | CVE-2022-41378 MISC |
| open_source_sacco_management_system_project — open_source_sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. | 2022-10-07 | 7.2 | CVE-2022-41514 MISC |
| open_source_sacco_management_system_project — open_source_sacco_management_system | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | 2022-10-07 | 7.2 | CVE-2022-41515 MISC |
| orchest — orchest | ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user’s account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at [email protected] | 2022-09-30 | 8.1 | CVE-2022-39268 MISC MISC MISC CONFIRM |
| phpipam — phpipam | phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. | 2022-10-03 | 9.8 | CVE-2022-41443 MISC |
| pjsip — pjsip | PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-06 | 9.8 | CVE-2022-39244 MISC CONFIRM |
| pjsip — pjsip | PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. | 2022-10-06 | 9.1 | CVE-2022-39269 MISC CONFIRM |
| pyup — dependency_parser | dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. | 2022-10-06 | 7.5 | CVE-2022-39280 MISC MISC MISC CONFIRM |
| realvnc — vnc_server | RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | 2022-09-30 | 7.8 | CVE-2022-41975 MISC |
| samsung — factorycamera | Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. | 2022-10-07 | 7.8 | CVE-2022-39858 MISC |
| semtech — loramac-node | LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`. | 2022-10-06 | 9.8 | CVE-2022-39274 MISC MISC CONFIRM |
| simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. | 2022-10-06 | 7.2 | CVE-2022-42241 MISC |
| simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. | 2022-10-06 | 7.2 | CVE-2022-42242 MISC |
| simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. | 2022-10-06 | 7.2 | CVE-2022-42243 MISC |
| simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. | 2022-10-06 | 7.2 | CVE-2022-42249 MISC |
| simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. | 2022-10-06 | 7.2 | CVE-2022-42250 MISC |
| simple_e-learning_system_project — simple_e-learning_system | An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. | 2022-10-07 | 9.8 | CVE-2022-40872 MISC |
| snyk — cli | Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957. | 2022-10-03 | 7.8 | CVE-2022-40764 MISC MISC MISC MISC |
| solarwinds — orion_platform | A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | 2022-09-30 | 8.8 | CVE-2022-36961 MISC MISC |
| sonicjs — sonicjs | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | 2022-10-01 | 9.1 | CVE-2022-42002 MISC MISC |
| swmansion — react_native_reanimated | The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. | 2022-09-30 | 7.5 | CVE-2022-24373 CONFIRM CONFIRM CONFIRM CONFIRM |
| sylabs — singularity_image_format | syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. | 2022-10-06 | 9.8 | CVE-2022-39237 CONFIRM MISC |
| tooljet — tooljet | Account Takeover :: when see the info i can see the hash pass i can creaked it …………… Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass | 2022-10-07 | 7.5 | CVE-2022-3422 CONFIRM MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. | 2022-10-03 | 9.8 | CVE-2022-42302 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. | 2022-10-03 | 9.8 | CVE-2022-42303 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. | 2022-10-03 | 9.8 | CVE-2022-42304 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. | 2022-10-03 | 9.8 | CVE-2022-42307 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | 2022-10-03 | 8.8 | CVE-2022-42301 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. | 2022-10-03 | 7.5 | CVE-2022-42299 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | 2022-10-03 | 7.5 | CVE-2022-42305 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. | 2022-10-03 | 7.1 | CVE-2022-42308 MISC |
| vmware — rabbitmq | RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins. | 2022-10-06 | 7.5 | CVE-2022-31008 MISC CONFIRM |
| web-based_student_clearance_system_project — web-based_student_clearance_system | A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210246 is the identifier assigned to this vulnerability. | 2022-10-07 | 9.8 | CVE-2022-3414 N/A N/A |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — experience_manager | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. | 2022-09-30 | 5.4 | CVE-2022-28851 MISC |
| apache — commons_jxpath | Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | 2022-10-06 | 6.5 | CVE-2022-40157 MISC |
| apache — commons_jxpath | Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | 2022-10-06 | 6.5 | CVE-2022-40158 MISC |
| apache — commons_jxpath | Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | 2022-10-06 | 6.5 | CVE-2022-40159 MISC |
| apache — commons_jxpath | Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | 2022-10-06 | 6.5 | CVE-2022-40160 MISC |
| apache — commons_jxpath | Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | 2022-10-06 | 6.5 | CVE-2022-40161 MISC |
| avaya — aura_application_enablement_services | A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | 2022-10-06 | 6.7 | CVE-2022-2975 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary. | 2022-10-03 | 6.5 | CVE-2022-41419 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component. | 2022-10-03 | 6.5 | CVE-2022-41423 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls. | 2022-10-03 | 6.5 | CVE-2022-41424 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt. | 2022-10-03 | 6.5 | CVE-2022-41425 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split. | 2022-10-03 | 6.5 | CVE-2022-41426 MISC |
| axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux. | 2022-10-03 | 6.5 | CVE-2022-41427 MISC |
| axiosys — bento4 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File. | 2022-09-30 | 5.5 | CVE-2022-41841 MISC |
| axiosys — bento4 | An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h. | 2022-09-30 | 5.5 | CVE-2022-41845 MISC MISC |
| axiosys — bento4 | An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | 2022-09-30 | 5.5 | CVE-2022-41846 MISC MISC |
| axiosys — bento4 | An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. | 2022-09-30 | 5.5 | CVE-2022-41847 MISC MISC MISC |
| beckmancoulter — remisol_advance | The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | 2022-10-06 | 5.5 | CVE-2022-26237 MISC MISC |
| beckmancoulter — remisol_advance | The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | 2022-10-06 | 5.5 | CVE-2022-26239 MISC MISC |
| bookingultrapro — booking_ultra_pro_appointments_booking_calendar | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 2022-09-30 | 6.1 | CVE-2021-36855 CONFIRM CONFIRM |
| bosch — bosch_video_management_system | Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x. | 2022-09-30 | 5.9 | CVE-2022-32540 CONFIRM |
| bus_pass_management_system_project — bus_pass_management_system | Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | 2022-09-30 | 6.1 | CVE-2022-35155 MISC MISC MISC |
| canon — medical_vitrea_view | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information. | 2022-09-30 | 6.1 | CVE-2022-37461 MISC MISC CONFIRM |
| centreon — centreon | A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. | 2022-10-06 | 5.4 | CVE-2022-39988 MISC |
| cisco — aironet_1542d_firmware | A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. | 2022-09-30 | 4.7 | CVE-2022-20728 CISCO |
| cisco — catalyst_9800-l_firmware | A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. | 2022-09-30 | 6.5 | CVE-2022-20945 CISCO |
| cisco — duo | A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user. | 2022-09-30 | 6.8 | CVE-2022-20662 CISCO |
| cisco — ios_xe | A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller. | 2022-09-30 | 6.7 | CVE-2022-20855 CISCO |
| cisco — ios_xe | A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device. | 2022-09-30 | 6.5 | CVE-2022-20810 CISCO |
| cisco — sd-wan | A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | 2022-09-30 | 5.3 | CVE-2022-20844 CISCO |
| cisco — sd-wan_vmanage | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. | 2022-09-30 | 6.7 | CVE-2022-20930 CISCO |
| cisco — wireless_lan_controller_software | A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled. | 2022-09-30 | 6.5 | CVE-2022-20769 CISCO |
| comment_guestbook_project — comment_guestbook | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. | 2022-09-30 | 4.8 | CVE-2021-36830 CONFIRM CONFIRM |
| discourse — discotoc | DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level – configured in component’s settings) are able to inject arbitrary HTML on that topic’s page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component. | 2022-10-06 | 5.4 | CVE-2022-39270 MISC CONFIRM |
| dnnsoftware — dotnetnuke | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 2022-09-30 | 4.9 | CVE-2022-2922 MISC CONFIRM |
| donation_thermometer_project — donation_thermometer | The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-03 | 4.8 | CVE-2022-3128 MISC |
| dsgvo-for-wp — dsgvo_all_in_one_for_wp | The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-03 | 4.8 | CVE-2022-2628 MISC |
| goolytics_project — goolytics | The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-10-03 | 4.8 | CVE-2022-3132 MISC |
| heartex — label_studio | A Server Side Request Forgery (SSRF) in the Data Import module in Heartex – Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF. | 2022-10-03 | 6.5 | CVE-2022-36551 MISC MISC MISC |
| ibm — cics_tx | IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. | 2022-10-07 | 5.5 | CVE-2022-34308 CONFIRM XF CONFIRM |
| ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. | 2022-10-07 | 6.5 | CVE-2022-36772 XF CONFIRM |
| ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. | 2022-10-07 | 6.5 | CVE-2022-41291 XF CONFIRM |
| ibm — qradar_security_information_and_event_manager | IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. | 2022-10-07 | 5.5 | CVE-2022-30613 XF CONFIRM |
| ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. | 2022-10-06 | 6.5 | CVE-2022-41294 XF CONFIRM |
| ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. | 2022-10-06 | 6.1 | CVE-2022-22503 XF CONFIRM |
| ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. | 2022-10-06 | 5.3 | CVE-2022-36774 XF CONFIRM |
| ibm — robotic_process_automation_for_cloud_pak | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. | 2022-10-06 | 6.1 | CVE-2022-38709 XF CONFIRM |
| lief-project — lief | A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | 2022-10-03 | 6.5 | CVE-2022-40922 MISC |
| lief-project — lief | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | 2022-09-30 | 6.5 | CVE-2022-40923 MISC |
| linux — linux_kernel | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | 2022-09-30 | 4.7 | CVE-2022-41850 MISC |
| linux — linux_kernel | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | 2022-09-30 | 4.2 | CVE-2022-41848 MISC MISC |
| linux — linux_kernel | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | 2022-09-30 | 4.2 | CVE-2022-41849 MISC |
| linuxfoundation — dex | Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-06 | 6.5 | CVE-2022-39222 CONFIRM MISC |
| mojoportal — mojoportal | mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the “f” parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. | 2022-10-03 | 6.5 | CVE-2022-40123 MISC MISC |
| moodle — moodle | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 2022-09-30 | 4.3 | CVE-2022-40316 MISC MISC |
| najeebmedia — frontend_file_manager | The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server | 2022-10-03 | 5.3 | CVE-2022-3124 MISC |
| nasm — netwide_assembler | nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component | 2022-10-03 | 5.5 | CVE-2022-41420 MISC |
| octopus — octopus_server | In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | 2022-10-06 | 5.3 | CVE-2022-2781 MISC |
| octopus — octopus_server | In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token | 2022-10-06 | 5.3 | CVE-2022-2783 MISC |
| online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | 2022-10-07 | 6.1 | CVE-2020-15855 MISC |
| orchardcore — orchardcore | In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. | 2022-10-03 | 5.4 | CVE-2022-32173 MISC MISC |
| pfsense — pfsense | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. | 2022-10-03 | 6.1 | CVE-2022-42247 MISC MISC |
| pingidentity — pingcentral | PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | 2022-09-30 | 4.9 | CVE-2022-23726 MISC CONFIRM |
| pulsesecure — pulse_connect_secure | Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request’s Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. | 2022-09-30 | 5.4 | CVE-2022-21826 MISC |
| pyup — dependency_parser | Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-06 | 4.3 | CVE-2022-39275 CONFIRM MISC |
| quizandsurveymaster — quiz_and_survey_master | Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. | 2022-09-30 | 4.3 | CVE-2021-36865 CONFIRM CONFIRM |
| samsung — factorycamerafb | Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. | 2022-10-07 | 5.5 | CVE-2022-39857 MISC |
| samsung — group_sharing | Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | 2022-10-07 | 5.3 | CVE-2022-39877 MISC |
| samsung — internet | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | 2022-10-07 | 4.6 | CVE-2022-39873 MISC |
| solarwinds — solarwinds_platform | Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | 2022-09-30 | 6.1 | CVE-2022-36965 CONFIRM CONFIRM |
| spacexchimp — social_media_follow_buttons_bar | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. | 2022-09-30 | 4.8 | CVE-2021-36839 CONFIRM CONFIRM |
| spsoftmobile — applock | AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. | 2022-09-30 | 6.6 | CVE-2022-1959 MISC MISC |
| suse — linux_enterprise_server | A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225. | 2022-10-06 | 4.4 | CVE-2022-31252 CONFIRM |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) | 2022-10-03 | 6.5 | CVE-2022-42300 MISC |
| veritas — netbackup | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. | 2022-10-03 | 5.5 | CVE-2022-42306 MISC |
| wp_socializer_project — wp_socializer | The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-10-03 | 4.8 | CVE-2022-2763 MISC |
| xgenecloud — nocodb | Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0. | 2022-10-07 | 6.5 | CVE-2022-3423 CONFIRM MISC |
| xpdfreader — xpdf | An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. | 2022-09-30 | 5.5 | CVE-2022-41842 MISC MISC |
| xpdfreader — xpdf | An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. | 2022-09-30 | 5.5 | CVE-2022-41843 MISC MISC |
| xpdfreader — xpdf | An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. | 2022-09-30 | 5.5 | CVE-2022-41844 MISC MISC MISC |
| yetiforce — yetiforce_customer_relationship_management | Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 2022-10-06 | 5.4 | CVE-2022-3002 MISC CONFIRM |
| zephyr-one — zephyr_project_manager | The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins. | 2022-10-03 | 5.4 | CVE-2022-2839 MISC |
| zinclabs — zinc | In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials. | 2022-10-06 | 5.4 | CVE-2022-32171 MISC MISC |
| zinclabs — zinc | In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials. | 2022-10-06 | 5.4 | CVE-2022-32172 MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| dell — hybrid_client | Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | 2022-09-30 | 2.7 | CVE-2022-34428 MISC |
| google — android | Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. | 2022-10-07 | 3.3 | CVE-2022-39848 MISC |
| google — android | Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | 2022-10-07 | 3.3 | CVE-2022-39849 MISC |
| google — android | Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | 2022-10-07 | 3.3 | CVE-2022-39850 MISC |
| google — android | Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. | 2022-10-07 | 3.3 | CVE-2022-39856 MISC |
| samsung — uphelper_library | Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent. | 2022-10-07 | 3.3 | CVE-2022-39859 MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aruba — multiple_products | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | 2022-10-07 | not yet calculated | CVE-2022-37885 MISC |
| aruba — multiple_products | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | not yet calculated | CVE-2022-37894 MISC |
| aruba — multiple_products | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | not yet calculated | CVE-2022-37895 MISC |
| aruba — multiple_products | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | not yet calculated | CVE-2022-37896 MISC |
| aruba — multiple_products |
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | 2022-10-07 | not yet calculated | CVE-2022-37886 MISC |
| aruba — multiple_products |
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | 2022-10-07 | not yet calculated | CVE-2022-37887 MISC |
| aruba — multiple_products |
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | 2022-10-07 | not yet calculated | CVE-2022-37889 MISC |
| aruba — multiple_products |
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | 2022-10-07 | not yet calculated | CVE-2022-37890 MISC |
| aruba — multiple_products |
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | 2022-10-07 | not yet calculated | CVE-2022-37891 MISC |
| aruba — multiple_products |
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability. | 2022-10-07 | not yet calculated | CVE-2022-37892 MISC |
| aruba — multiple_products |
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | 2022-10-07 | not yet calculated | CVE-2022-37893 MISC |
| autodesk — image_processing | A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 2022-10-07 | not yet calculated | CVE-2021-40162 MISC |
| autodesk — image_processing | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. | 2022-10-07 | not yet calculated | CVE-2021-40163 MISC |
| autodesk — image_processing | A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 2022-10-07 | not yet calculated | CVE-2021-40164 MISC |
| autodesk — image_processing | A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 2022-10-07 | not yet calculated | CVE-2021-40165 MISC |
| autodesk — image_processing | A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code. | 2022-10-07 | not yet calculated | CVE-2021-40166 MISC |
| beckman_coulter — remisol_advance | A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows. | 2022-10-06 | not yet calculated | CVE-2022-26235 MISC MISC |
| beckman_coulter — remisol_advance | The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | 2022-10-06 | not yet calculated | CVE-2022-26236 MISC MISC |
| beckman_coulter — remisol_advance | The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | 2022-10-06 | not yet calculated | CVE-2022-26238 MISC MISC |
| beckman_coulter — remisol_advance | The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | 2022-10-06 | not yet calculated | CVE-2022-26240 MISC MISC |
| codeigniter — codeigniter |
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA. | 2022-10-06 | not yet calculated | CVE-2022-39284 MISC MISC CONFIRM MISC MISC MISC |
| discourse — discourse-chat |
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel’s name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-06 | not yet calculated | CVE-2022-39279 CONFIRM MISC |
| facebook — hermes | It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0. | 2022-10-06 | not yet calculated | CVE-2022-27810 CONFIRM |
| fat_free_crm — fat_free_crm |
fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue. | 2022-10-08 | not yet calculated | CVE-2022-39281 MISC MISC CONFIRM |
|
gradle_enterprise — gradle_enterprise |
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. | 2022-10-07 | not yet calculated | CVE-2022-41574 MISC MISC |
| hancom — office_2020 |
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability. | 2022-10-07 | not yet calculated | CVE-2022-33896 MISC |
|
hsqldb — hsqldb |
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property “hsqldb.method_class_names” to classes which are allowed to be called. For example, System.setProperty(“hsqldb.method_class_names”, “abc”) or Java argument -Dhsqldb.method_class_names=”abc” can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled. | 2022-10-06 | not yet calculated | CVE-2022-41853 MISC MISC |
| ikus060 — rdiffweb |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | 2022-10-06 | not yet calculated | CVE-2022-3376 MISC CONFIRM |
| internet_systems_consortium — dhcp |
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option’s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | 2022-10-07 | not yet calculated | CVE-2022-2928 CONFIRM |
| internet_systems_consortium — dhcp |
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | 2022-10-07 | not yet calculated | CVE-2022-2929 CONFIRM |
| johnson_controls — metasys_adx_server |
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. | 2022-10-07 | not yet calculated | CVE-2022-21936 CERT CONFIRM |
|
liferay — liferay_portal |
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | 2022-10-07 | not yet calculated | CVE-2022-41414 MISC |
| linux — kernel | A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. | 2022-10-08 | not yet calculated | CVE-2022-3435 N/A N/A |
| mediatek — cpu_dvfs | In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405. | 2022-10-07 | not yet calculated | CVE-2022-32592 MISC |
| mediatek — ims | In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. | 2022-10-07 | not yet calculated | CVE-2022-26472 MISC |
| mediatek — isp | In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. | 2022-10-07 | not yet calculated | CVE-2022-26452 MISC |
| mediatek — ril |
In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. | 2022-10-07 | not yet calculated | CVE-2022-32591 MISC |
| mediatek — sensorhub | In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. | 2022-10-07 | not yet calculated | CVE-2022-26474 MISC |
| mediatek — telephony | In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121. | 2022-10-07 | not yet calculated | CVE-2022-26471 MISC |
| mediatek — vdec_fmt | In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. | 2022-10-07 | not yet calculated | CVE-2022-26473 MISC |
| mediatek — vowe |
In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. | 2022-10-07 | not yet calculated | CVE-2022-32593 MISC |
| mediatek — wi-fi_driver |
In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600. | 2022-10-07 | not yet calculated | CVE-2022-32589 MISC |
| mediatek — wlan | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. | 2022-10-07 | not yet calculated | CVE-2022-26475 MISC |
| mediatek — wlan |
In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. | 2022-10-07 | not yet calculated | CVE-2022-32590 MISC |
| nps — nps | NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. | 2022-10-06 | not yet calculated | CVE-2022-40494 MISC MISC |
|
online_leave_management_system — online_leave_management_system |
An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-10-07 | not yet calculated | CVE-2022-41379 MISC |
|
panini — panini_everest_engine |
Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. | 2022-10-07 | not yet calculated | CVE-2022-39959 MISC MISC |
| perforce — puppet | Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | 2022-10-07 | not yet calculated | CVE-2022-3276 MISC |
| perforce — puppet |
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | 2022-10-07 | not yet calculated | CVE-2022-3275 MISC |
| picuploader — picuploader | PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. | 2022-10-07 | not yet calculated | CVE-2022-41442 MISC MISC |
| samsung — cocktailbarservice | Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. | 2022-10-07 | not yet calculated | CVE-2022-39851 MISC |
|
samsung — dynamic_lockscreen |
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | 2022-10-07 | not yet calculated | CVE-2022-39862 MISC |
| samsung — facm | Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | 2022-10-07 | not yet calculated | CVE-2022-39855 MISC |
|
samsung — factorycamera |
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | 2022-10-07 | not yet calculated | CVE-2022-39861 MISC |
| samsung — libagifencoder.quram.so_library | A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. | 2022-10-07 | not yet calculated | CVE-2022-39852 MISC |
| samsung — mobile | Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. | 2022-10-07 | not yet calculated | CVE-2022-39847 MISC |
| samsung — mousenkeyhiddevice | Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | 2022-10-07 | not yet calculated | CVE-2022-36868 MISC |
| samsung — perf-mgr_driver | A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | 2022-10-07 | not yet calculated | CVE-2022-39853 MISC |
| samsung — quickshare | Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39860 MISC |
| samsung — samsung_account | Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. | 2022-10-07 | not yet calculated | CVE-2022-39863 MISC |
|
samsung — samsung_account |
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | 2022-10-07 | not yet calculated | CVE-2022-39874 MISC |
|
samsung — samsung_account |
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | 2022-10-07 | not yet calculated | CVE-2022-39875 MISC |
| samsung — samsung_checkout | Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39878 MISC |
|
samsung — sharelive |
Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | 2022-10-07 | not yet calculated | CVE-2022-39872 MISC |
|
samsung — smartthings |
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | 2022-10-07 | not yet calculated | CVE-2022-39864 MISC |
|
samsung — smartthings |
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39865 MISC |
|
samsung — smartthings |
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39866 MISC |
|
samsung — smartthings |
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39867 MISC |
|
samsung — smartthings |
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39868 MISC |
|
samsung — smartthings |
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39869 MISC |
|
samsung — smartthings |
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | 2022-10-07 | not yet calculated | CVE-2022-39870 MISC |
|
samsung — smartthings |
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | 2022-10-07 | not yet calculated | CVE-2022-39871 MISC |
| samsung — sreminder | Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. | 2022-10-07 | not yet calculated | CVE-2022-39876 MISC |
| sourcecodester — student_clearance_system |
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356. | 2022-10-08 | not yet calculated | CVE-2022-3434 N/A N/A |
| tiny-csrf — tiny-csrf |
tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-07 | not yet calculated | CVE-2022-39287 CONFIRM MISC |
| totaljs — totaljs | A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. | 2022-10-07 | not yet calculated | CVE-2022-41392 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function | 2022-10-06 | not yet calculated | CVE-2022-41517 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. | 2022-10-06 | not yet calculated | CVE-2022-41518 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. | 2022-10-06 | not yet calculated | CVE-2022-41520 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. | 2022-10-06 | not yet calculated | CVE-2022-41521 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the “main” function. | 2022-10-06 | not yet calculated | CVE-2022-41522 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. | 2022-10-06 | not yet calculated | CVE-2022-41523 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. | 2022-10-06 | not yet calculated | CVE-2022-41524 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. | 2022-10-06 | not yet calculated | CVE-2022-41525 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. | 2022-10-06 | not yet calculated | CVE-2022-41526 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. | 2022-10-06 | not yet calculated | CVE-2022-41527 MISC |
|
totolink — totolink |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. | 2022-10-06 | not yet calculated | CVE-2022-41528 MISC |
| vmware — multiple_products |
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. | 2022-10-07 | not yet calculated | CVE-2022-31680 MISC MISC |
| vmware — multiple_products |
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. | 2022-10-07 | not yet calculated | CVE-2022-31681 MISC |
| wedding_planner — wedding_planner | Wedding Planner v1.0 is vulnerable to has arbitrary code execution. | 2022-10-07 | not yet calculated | CVE-2022-42075 MISC |
| zkteco — zkbiosecurity | An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. | 2022-10-07 | not yet calculated | CVE-2022-36634 MISC MISC MISC |
| zkteco — zkbiosecurity | ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. | 2022-10-07 | not yet calculated | CVE-2022-36635 MISC MISC MISC |
| zoneminder — zoneminder | ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2022-10-07 | not yet calculated | CVE-2022-39290 CONFIRM MISC |
| zoneminder — zoneminder |
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current “tr” “td” brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the “view=log” page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. | 2022-10-07 | not yet calculated | CVE-2022-39285 MISC MISC CONFIRM |
| zoneminder — zoneminder |
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging. | 2022-10-07 | not yet calculated | CVE-2022-39289 MISC CONFIRM |
| zoneminder — zoneminder |
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with “View” system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the “/zm/index.php” endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-10-07 | not yet calculated | CVE-2022-39291 MISC MISC MISC CONFIRM MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
CISA recently updated an anonymous product survey;they’d welcome your feedback.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.
