US-CERT Bulletin (SB22-311):Vulnerability Summary for the Week of October 31, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
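Several entries below describe authentication bypasses caused by tokens that are parsed but never cryptographically verified (for example the DataHub entry, CVE-2022-39366, where `JwtParser.parse` is used instead of a signature-checking call). The following is an added illustration of that bug class in stdlib Python; it is not DataHub's, jjwt's, or any listed vendor's code. The HS256 secret, the claim names and the "role" check are constructed for the example.

```python
"""Added illustration: a JWT that is parsed rather than verified is an
authentication bypass. Not code from any vendor listed in the bulletin."""
import base64
import hashlib
import hmac
import json

# Constructed server-side secret for the example; not a real key.
SECRET = b"example-hs256-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = SECRET, alg: str = "HS256") -> str:
    """Issue a compact JWT. alg='none' models an attacker-forged unsigned token;
    a wrong key models a token signed by someone who does not hold the secret."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    if alg == "none":
        return f"{header}.{payload}."
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def parse_unverified(token: str) -> dict:
    """Vulnerable pattern: decode the claims without checking the signature.
    Any well-formed token, whatever its alg or signature, is trusted."""
    _, payload, _ = token.split(".")
    return json.loads(_b64url_decode(payload))


def verify_hs256(token: str, key: bytes = SECRET) -> dict:
    """Hardened pattern: pin the expected algorithm, recompute the MAC over the
    signing input, compare in constant time, and only then release the claims.
    Raises ValueError on any failure so callers cannot accidentally proceed."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def is_admin(token: str, parser) -> bool:
    """Authorization decision driven by whichever parser is plugged in."""
    try:
        return parser(token).get("role") == "admin"
    except ValueError:
        return False


def demo() -> dict:
    """Compare the two parsers against a legitimate token and two forgeries."""
    legit = mint_token({"sub": "alice", "role": "user"})
    forged_none = mint_token({"sub": "admin", "role": "admin"}, alg="none")
    forged_key = mint_token({"sub": "admin", "role": "admin"}, key=b"attacker-guess")
    return {
        "vuln_accepts_alg_none": is_admin(forged_none, parse_unverified),
        "vuln_accepts_wrong_key": is_admin(forged_key, parse_unverified),
        "fixed_rejects_alg_none": not is_admin(forged_none, verify_hs256),
        "fixed_rejects_wrong_key": not is_admin(forged_key, verify_hs256),
        "fixed_keeps_legit_role": verify_hs256(legit)["role"] == "user",
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point to carry into code review: a library call that returns claims without being handed a key (and without rejecting `alg: none`) is a decoder, not a verifier, and must never feed an authentication decision.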
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
honeywell — c200_firmware | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 2022-10-28 | 10 | CVE-2021-38397 CONFIRM CONFIRM |
dlink — dir-846_firmware | D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. | 2022-10-31 | 9.8 | CVE-2020-21016 MISC MISC |
mkcms_project — mkcms | MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | 2022-11-03 | 9.8 | CVE-2020-22818 MISC |
mkcms_project — mkcms | MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. | 2022-11-03 | 9.8 | CVE-2020-22819 MISC |
mkcms_project — mkcms | MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. | 2022-11-03 | 9.8 | CVE-2020-22820 MISC |
honeywell — c200_firmware | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 2022-10-28 | 9.8 | CVE-2021-38395 CONFIRM CONFIRM |
xfig_project — xfig | xfig 3.2.7 is vulnerable to Buffer Overflow. | 2022-10-31 | 9.8 | CVE-2021-40241 MISC |
stimulsoft — reports | Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start. | 2022-10-29 | 9.8 | CVE-2021-42777 MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598. | 2022-11-03 | 9.8 | CVE-2022-22425 MISC |
octopus — octopus_server | In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | 2022-11-01 | 9.8 | CVE-2022-2572 MISC |
sick — sim2000_firmware | Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM4000. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. | 2022-11-01 | 9.8 | CVE-2022-27582 MISC |
sick — sim2000st_firmware | Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM2000ST. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. | 2022-11-01 | 9.8 | CVE-2022-27584 MISC |
sick — sim1000_fx_firmware | Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version < 1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in the SICK Support Portal). | 2022-11-01 | 9.8 | CVE-2022-27585 MISC |
sick — sim1004-0p0g311_firmware | Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version < 2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible. | 2022-11-01 | 9.8 | CVE-2022-27586 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO | 2022-10-28 | 9.8 | CVE-2022-2826 CONFIRM MISC MISC |
pingcap — tidb | Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. | 2022-11-04 | 9.8 | CVE-2022-3023 CONFIRM MISC |
vmware — spring_security | Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9, could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: (1) the application expects that Spring Security applies security to forward and include dispatcher types; (2) the application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method; (3) the application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include); (4) the application may forward or include the request to a higher privilege-secured endpoint; (5) the application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true). | 2022-10-31 | 9.8 | CVE-2022-31692 MISC |
awpcp — another_wordpress_classifieds_plugin | The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection | 2022-10-31 | 9.8 | CVE-2022-3254 CONFIRM |
apple — iphone_os | The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution. | 2022-11-01 | 9.8 | CVE-2022-32941 MISC MISC MISC MISC MISC |
cloudflare — warp | It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli ‘set-custom-endpoint’ subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. | 2022-10-28 | 9.8 | CVE-2022-3320 MISC |
eaton — foreseer_electrical_power_monitoring_system | A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . | 2022-10-28 | 9.8 | CVE-2022-33859 MISC |
frauscher — frauscher_diagnostic_system_102 | Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. | 2022-11-02 | 9.8 | CVE-2022-3575 CONFIRM |
ehoney_project — ehoney | A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. | 2022-10-28 | 9.8 | CVE-2022-3729 N/A |
ehoney_project — ehoney | A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. | 2022-10-28 | 9.8 | CVE-2022-3730 N/A |
ehoney_project — ehoney | A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. | 2022-10-28 | 9.8 | CVE-2022-3731 N/A |
ehoney_project — ehoney | A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. | 2022-10-28 | 9.8 | CVE-2022-3732 N/A |
redis — redis | A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. | 2022-10-28 | 9.8 | CVE-2022-3734 N/A N/A |
ehoney_project — ehoney | A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. | 2022-10-28 | 9.8 | CVE-2022-3735 N/A |
chatwoot — chatwoot | Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. For the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | 2022-10-28 | 9.8 | CVE-2022-3741 CONFIRM MISC |
opennebula — opennebula | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | 2022-10-28 | 9.8 | CVE-2022-37425 MISC |
phpmyfaq — phpmyfaq | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 2022-10-29 | 9.8 | CVE-2022-3754 MISC CONFIRM |
browserify-shim_project — browserify-shim | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. | 2022-10-28 | 9.8 | CVE-2022-37621 MISC MISC MISC |
browserify-shim_project — browserify-shim | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. | 2022-10-31 | 9.8 | CVE-2022-37623 MISC MISC MISC |
easyiicms — easyiicms | A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. | 2022-10-31 | 9.8 | CVE-2022-3771 N/A |
tim_campus_confession_wall_project — tim_campus_confession_wall | A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611. | 2022-11-01 | 9.8 | CVE-2022-3789 N/A N/A |
arubanetworks — aruba_edgeconnect_enterprise_orchestrator | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | 2022-10-28 | 9.8 | CVE-2022-37913 MISC |
arubanetworks — aruba_edgeconnect_enterprise_orchestrator | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | 2022-10-28 | 9.8 | CVE-2022-37914 MISC |
arubanetworks — aruba_edgeconnect_enterprise_orchestrator | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestrator. Affected: the 9.1.x branch only, specifically any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197; Orchestrators upgraded to 9.1.x were not affected. | 2022-10-28 | 9.8 | CVE-2022-37915 MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. | 2022-10-31 | 9.8 | CVE-2022-38142 MISC |
centreon — centreon | A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability. | 2022-11-02 | 9.8 | CVE-2022-3827 MISC MISC MISC |
fortinet — fortiadc | An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. | 2022-11-02 | 9.8 | CVE-2022-38381 CONFIRM |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest. | 2022-11-03 | 9.8 | CVE-2022-39323 CONFIRM |
xmldom_project — xmldom | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, use one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`, or reject a document that has more than 1 `childNode`. | 2022-11-02 | 9.8 | CVE-2022-39353 MISC CONFIRM |
datahub_project — datahub | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. | 2022-10-28 | 9.8 | CVE-2022-39366 MISC MISC MISC CONFIRM MISC |
fluentd — fluentd | Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use `FLUENT_OJ_OPTION_MODE=object`. | 2022-11-02 | 9.8 | CVE-2022-39379 MISC CONFIRM |
keystonejs — keystone | Keystone is a headless CMS for Node.js, built with GraphQL and React. `@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code, irrespective of what your environment variables are set to. If you do not use `NODE_ENV` in your user code to trigger security-sensitive functionality, you are not impacted by this vulnerability. Any dependencies that use `NODE_ENV` to trigger particular behaviors (optimizations, security or otherwise) should still respect your environment's configured `NODE_ENV` variable. The application's dependencies, as found in `node_modules` (including `@keystone-6/core`), are typically not compiled as part of this process, and thus should be unaffected. We have tested this assumption by verifying that `NODE_ENV=production yarn keystone start` still uses secure cookies when using `statelessSessions`. This vulnerability has been fixed in @keystone-6/core@3.0.2; regression tests have been added for this vulnerability in #8063. | 2022-11-03 | 9.8 | CVE-2022-39382 MISC CONFIRM MISC |
deltaww — infrasuite_device_master | The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution. | 2022-10-31 | 9.8 | CVE-2022-40202 MISC |
phppointofsale — php_point_of_sale | The application was vulnerable to a session fixation that could be used hijack accounts. | 2022-10-31 | 9.8 | CVE-2022-40293 MISC |
phppointofsale — php_point_of_sale | The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. | 2022-10-31 | 9.8 | CVE-2022-40296 MISC |
clinic's_patient_management_system_project — clinic's_patient_management_system | Remote Code Execution in Clinic's Patient Management System v 1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php. | 2022-10-31 | 9.8 | CVE-2022-40471 MISC MISC MISC |
softnext — mail_sqr_expert | Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. | 2022-10-31 | 9.8 | CVE-2022-40741 MISC |
hitachi — infrastructure_analytics_advisor | Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. | 2022-11-01 | 9.8 | CVE-2022-41552 MISC |
heidenhain — heros | The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. | 2022-10-28 | 9.8 | CVE-2022-41648 MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution. | 2022-10-31 | 9.8 | CVE-2022-41657 MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. | 2022-10-31 | 9.8 | CVE-2022-41772 MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution. | 2022-10-31 | 9.8 | CVE-2022-41779 MISC |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. | 2022-11-03 | 9.8 | CVE-2022-42744 MISC MISC |
apple — macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. | 2022-11-01 | 9.8 | CVE-2022-42808 MISC MISC MISC MISC |
apple — macos | A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution. | 2022-11-01 | 9.8 | CVE-2022-42813 MISC MISC MISC MISC |
haxx — curl | curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. | 2022-10-29 | 9.8 | CVE-2022-42915 MISC FEDORA |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 2022-11-03 | 9.8 | CVE-2022-43101 MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | 2022-11-03 | 9.8 | CVE-2022-43102 MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | 2022-11-03 | 9.8 | CVE-2022-43103 MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 2022-11-03 | 9.8 | CVE-2022-43104 MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 2022-11-03 | 9.8 | CVE-2022-43105 MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | 2022-11-03 | 9.8 | CVE-2022-43106 MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | 2022-11-03 | 9.8 | CVE-2022-43107 MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2022-11-03 | 9.8 | CVE-2022-43108 MISC |
dlink — dir-823g_firmware | D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. | 2022-11-03 | 9.8 | CVE-2022-43109 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | 2022-10-28 | 9.8 | CVE-2022-43168 MISC |
f5 — njs | Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. | 2022-10-28 | 9.8 | CVE-2022-43286 MISC MISC |
lesspipe_project — lesspipe | lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 2022-11-01 | 9.8 | CVE-2022-44542 MISC MISC |
zoom — virtual_desktop_infrastructure | The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. | 2022-10-31 | 9.6 | CVE-2022-28763 MISC |
sauter-controls — moduweb_firmware | SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials. | 2022-10-31 | 9.6 | CVE-2022-40190 MISC |
silabs — gecko_bootloader | Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. | 2022-11-02 | 9.1 | CVE-2022-24936 MISC MISC |
sick — flx3-cpuc1_firmware | A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | 2022-10-31 | 9.1 | CVE-2022-27583 MISC |
vmware — cloud_foundation | VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. | 2022-10-28 | 9.1 | CVE-2022-31678 MISC |
train_scheduler_app_project — train_scheduler_app | A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504. | 2022-10-31 | 9.1 | CVE-2022-3774 MISC MISC MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584. | 2022-11-03 | 9.1 | CVE-2022-40747 MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords. | 2022-10-31 | 9.1 | CVE-2022-41629 MISC |
phppointofsale — php_point_of_sale | The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. | 2022-10-31 | 9 | CVE-2022-40287 MISC |
phppointofsale — php_point_of_sale | The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. | 2022-10-31 | 9 | CVE-2022-40288 MISC |
phppointofsale — php_point_of_sale | The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. | 2022-10-31 | 9 | CVE-2022-40289 MISC |
expresstech — quiz_and_survey_master | Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 2022-11-03 | 8.8 | CVE-2021-36906 CONFIRM CONFIRM |
haascnc — haas_controller_firmware | Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | 2022-10-28 | 8.8 | CVE-2022-2475 MISC |
keywordrush — content_egg | Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. | 2022-11-03 | 8.8 | CVE-2022-25952 CONFIRM CONFIRM |
apple — macos | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-26709 MISC MISC MISC MISC MISC |
apple — macos | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-26710 MISC MISC MISC MISC |
apple — macos | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-26716 MISC MISC MISC MISC MISC |
apple — macos | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-26717 MISC MISC MISC MISC MISC MISC |
apple — macos | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-26719 MISC MISC MISC MISC MISC |
superwhite — demon_image_annotation | The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-10-28 | 8.8 | CVE-2022-2864 MISC MISC MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 227295. | 2022-11-03 | 8.8 | CVE-2022-30608 MISC |
hypr — workforce_access | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. | 2022-11-03 | 8.8 | CVE-2022-3258 MISC |
apple — iphone_os | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-32888 MISC MISC MISC MISC MISC MISC MISC MLIST |
apple — macos | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-32922 MISC MISC MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution. | 2022-11-01 | 8.8 | CVE-2022-32934 MISC MISC MISC |
google — chrome | Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3304 MISC MISC |
google — chrome | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3305 MISC MISC |
google — chrome | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3306 MISC MISC |
google — chrome | Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3307 MISC MISC |
google — chrome | Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Low) | 2022-11-01 | 8.8 | CVE-2022-3315 MISC MISC |
nextend — smart_slider_3 | The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the site. | 2022-10-31 | 8.8 | CVE-2022-3357 CONFIRM |
google — chrome | Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3370 MISC MISC |
google — chrome | Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3373 MISC MISC |
bricksbuilder — bricks | The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution. | 2022-10-28 | 8.8 | CVE-2022-3401 MISC MISC |
cloudflare — warp | Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint. | 2022-10-28 | 8.8 | CVE-2022-3512 MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3652 MISC MISC |
google — chrome | Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3653 MISC MISC |
google — chrome | Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3654 MISC MISC |
google — chrome | Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Medium) | 2022-11-01 | 8.8 | CVE-2022-3655 MISC MISC |
google — chrome | Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chrome security severity: Medium) | 2022-11-01 | 8.8 | CVE-2022-3656 MISC MISC |
google — chrome | Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium) | 2022-11-01 | 8.8 | CVE-2022-3657 MISC MISC |
google — chrome | Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium) | 2022-11-01 | 8.8 | CVE-2022-3658 MISC MISC |
google — chrome | Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chrome security severity: Medium) | 2022-11-01 | 8.8 | CVE-2022-3659 MISC MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | 2022-11-01 | 8.8 | CVE-2022-3723 MISC MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system | A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. | 2022-10-28 | 8.8 | CVE-2022-3733 N/A N/A |
exiv2 — exiv2 | A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. | 2022-10-29 | 8.8 | CVE-2022-3756 MISC MISC |
exiv2 — exiv2 | A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. | 2022-10-29 | 8.8 | CVE-2022-3757 MISC MISC MISC |
xjyunjing — yunjing_content_management_system | A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. | 2022-10-31 | 8.8 | CVE-2022-3770 N/A N/A |
easyiicms — easyiicms | A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability. | 2022-10-31 | 8.8 | CVE-2022-3772 N/A N/A |
oracle — restaurant_menu_-_food_ordering_system_-_table_reservation | The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, and chosen_options, to name a few. This makes it possible for unauthenticated attackers to perform a variety of administrative actions, like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-11-03 | 8.8 | CVE-2022-3776 MISC MISC |
ibax — go-ibax | A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability. | 2022-11-01 | 8.8 | CVE-2022-3798 N/A N/A |
ibax — go-ibax | A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635. | 2022-11-01 | 8.8 | CVE-2022-3799 N/A N/A |
ibax — go-ibax | A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636. | 2022-11-01 | 8.8 | CVE-2022-3800 N/A N/A |
ibax — go-ibax | A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability. | 2022-11-01 | 8.8 | CVE-2022-3801 N/A N/A |
ibax — go-ibax | A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability. | 2022-11-01 | 8.8 | CVE-2022-3802 N/A N/A |
m-files — hubshare | Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | 2022-10-31 | 8.8 | CVE-2022-39016 MISC |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | 2022-11-03 | 8.8 | CVE-2022-39234 CONFIRM |
discourse — discourse | Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user’s email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses. | 2022-11-02 | 8.8 | CVE-2022-39356 CONFIRM MISC |
phppointofsale — php_point_of_sale | The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. | 2022-10-31 | 8.8 | CVE-2022-40291 MISC |
phppointofsale — php_point_of_sale | The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. | 2022-10-31 | 8.8 | CVE-2022-40294 MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. | 2022-10-31 | 8.8 | CVE-2022-41644 MISC |
formalms — formalms | There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | 2022-10-31 | 8.8 | CVE-2022-41681 CONFIRM |
xen — xen | Xenstore: Guests can crash xenstored. Due to a bug in the fix of XSA-115, a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest, e.g. by exceeding the quota value of maximum nodes per domain. | 2022-11-01 | 8.8 | CVE-2022-42309 MISC CONFIRM MLIST DEBIAN |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. | 2022-11-03 | 8.8 | CVE-2022-42750 MISC MISC |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows an attacker to persuade an administrator to create a new account with administrative permissions. | 2022-11-03 | 8.8 | CVE-2022-42751 MISC MISC |
apple — iphone_os | A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-42795 MISC MISC MISC MISC |
apple — macos | A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-11-01 | 8.8 | CVE-2022-42823 MISC MISC MISC MISC MISC MLIST |
formalms — formalms | Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘id’ parameter in the ‘appCore/index.php?r=adm/mediagallery/delete’ function in order to dump the entire database or delete all contents from the ‘core_user_file’ table. | 2022-10-31 | 8.8 | CVE-2022-42923 CONFIRM |
formalms — formalms | There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. | 2022-10-31 | 8.8 | CVE-2022-42925 CONFIRM |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. | 2022-11-02 | 8.8 | CVE-2022-43226 MISC |
totaljs — total.js | In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. | 2022-10-30 | 8.8 | CVE-2022-44019 MISC MISC MISC |
pixman — pixman | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | 2022-11-03 | 8.8 | CVE-2022-44638 MISC MLIST |
fortinet — fortimail | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64. | 2022-11-02 | 8.6 | CVE-2022-26122 CONFIRM |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. | 2022-11-01 | 8.6 | CVE-2022-32890 MISC |
apple — safari | An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. | 2022-11-01 | 8.6 | CVE-2022-32892 MISC MISC MISC MISC |
cloudflare — warp_mobile_client | It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. | 2022-10-28 | 8.5 | CVE-2022-3337 MISC |
cloudflare — warp_mobile_client | It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both “Disable for cellular networks” and “Disable for Wi-Fi networks” switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. | 2022-10-28 | 8.2 | CVE-2022-3321 MISC |
stb_project — stb | stb_image.h 2.27 has a heap-based buffer overflow in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. | 2022-11-02 | 8.1 | CVE-2021-37789 MISC |
fortinet — fortios | A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. | 2022-11-02 | 8.1 | CVE-2022-30307 CONFIRM |
vmware — spring_security | Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. | 2022-10-31 | 8.1 | CVE-2022-31690 MISC |
thimpress — learnpress | The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function. | 2022-10-31 | 8.1 | CVE-2022-3360 CONFIRM |
google — web_stories | The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2022-10-28 | 8.1 | CVE-2022-3708 MISC MISC MISC MISC |
haascnc — haas_controller_firmware | Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. | 2022-10-28 | 8 | CVE-2022-2474 MISC |
apereo — phpcas | phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry, in the worst case this may be any other service URL (if the allowed URLs are configured to “^(https)://.*”) or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim’s account on a vulnerable CASified service without the victim’s knowledge, when the victim visits the attacker’s website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting with this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted by it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP’s HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs, the severity of the vulnerability is reduced substantially since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior. | 2022-11-01 | 8 | CVE-2022-39369 CONFIRM |
jhead_project — jhead | jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. | 2022-11-04 | 7.8 | CVE-2021-34055 MISC |
netskope — netskope | Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. | 2022-11-03 | 7.8 | CVE-2021-44862 MISC |
fortinet — fortisiem | An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | 2022-11-02 | 7.8 | CVE-2022-26119 CONFIRM |
apple — macos | A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution. | 2022-11-01 | 7.8 | CVE-2022-26730 MISC |
apple — macos | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with system privileges. | 2022-11-01 | 7.8 | CVE-2022-26762 MISC MISC |
apple — mac_os_x | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. | 2022-11-01 | 7.8 | CVE-2022-32794 MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32865 MISC MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32866 MISC MISC MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32887 MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32889 MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32898 MISC MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32899 MISC MISC MISC MISC |
apple — iphone_os | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32903 MISC MISC MISC |
apple — macos | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. | 2022-11-01 | 7.8 | CVE-2022-32905 MISC |
apple — iphone_os | This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32907 MISC MISC MISC |
apple — iphone_os | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32914 MISC MISC MISC MISC MISC MISC |
apple — macos | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32915 MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32924 MISC MISC MISC MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32932 MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32939 MISC MISC |
apple — macos | The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32940 MISC MISC MISC MISC |
apple — macos | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32944 MISC MISC MISC MISC MISC MISC MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-32947 MISC MISC MISC |
fortinet — fortitester | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2022-11-02 | 7.8 | CVE-2022-33870 CONFIRM |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 231361. | 2022-11-03 | 7.8 | CVE-2022-35717 MISC |
axiosys — bento4 | A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563. | 2022-10-31 | 7.8 | CVE-2022-3784 N/A N/A N/A |
axiosys — bento4 | A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564. | 2022-10-31 | 7.8 | CVE-2022-3785 N/A N/A N/A |
schneider-electric — ecostruxure_operator_terminal_expert | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix 1 or prior). | 2022-11-04 | 7.8 | CVE-2022-41666 MISC |
schneider-electric — ecostruxure_operator_terminal_expert | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix 1 or prior). | 2022-11-04 | 7.8 | CVE-2022-41667 MISC |
schneider-electric — ecostruxure_operator_terminal_expert | A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix 1 or prior). | 2022-11-04 | 7.8 | CVE-2022-41668 MISC |
opensvc — multipath-tools | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. | 2022-10-29 | 7.8 | CVE-2022-41973 MISC MISC MISC FULLDISC MISC |
opensvc — multipath-tools | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | 2022-10-29 | 7.8 | CVE-2022-41974 MISC MISC MISC FULLDISC MISC |
apple — ipados | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges. | 2022-11-01 | 7.8 | CVE-2022-42796 MISC MISC |
apple — macos | This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution. | 2022-11-01 | 7.8 | CVE-2022-42800 MISC MISC MISC MISC MISC MISC |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7.8 | CVE-2022-42801 MISC MISC MISC MISC MISC MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. | 2022-11-01 | 7.8 | CVE-2022-42809 MISC |
apple — macos | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. | 2022-11-01 | 7.8 | CVE-2022-42820 MISC MISC |
apple — iphone_os | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | 2022-11-01 | 7.8 | CVE-2022-42827 MISC MISC |
webassembly — wasm | wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. | 2022-10-28 | 7.8 | CVE-2022-43281 MISC |
hcltech — verse | The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | 2022-11-01 | 7.5 | CVE-2020-4099 CONFIRM |
hcltech — hcl_launch_container_image | The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. | 2022-10-31 | 7.5 | CVE-2021-27784 CONFIRM |
honeywell — c200_firmware | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. | 2022-10-28 | 7.5 | CVE-2021-38399 CONFIRM CONFIRM |
mt — ind780_firmware | A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label ‘IND780_8.0.07’), Version 7.2.10 June 18, 2012 (SS Label ‘IND780_7.2.10’). It was possible to traverse the folders of the affected host by providing a traversal path to the ‘webpage’ parameter in AutoCE.ini. This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in the future. | 2022-10-31 | 7.5 | CVE-2021-40661 MISC MISC |
hitachi — vantara_pentaho | A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. | 2022-11-02 | 7.5 | CVE-2021-45446 MISC |
hitachi — vantara_pentaho | Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. | 2022-11-02 | 7.5 | CVE-2021-45447 MISC |
muhammara_project — muhammara | The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. | 2022-11-01 | 7.5 | CVE-2022-25885 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
muhammara_project — muhammara | The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. | 2022-11-01 | 7.5 | CVE-2022-25892 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
zephyrproject — zephyr | The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). | 2022-10-31 | 7.5 | CVE-2022-2741 MISC |
schoolbox — schoolbox | The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. | 2022-10-31 | 7.5 | CVE-2022-3059 MISC |
trihedral — vtscada | An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. | 2022-11-02 | 7.5 | CVE-2022-3181 MISC |
apache — unstructured_information_management_architecture | A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into a UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. | 2022-11-03 | 7.5 | CVE-2022-32287 MISC MLIST |
apple — mac_os_x | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. | 2022-11-01 | 7.5 | CVE-2022-32910 MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app. | 2022-11-01 | 7.5 | CVE-2022-32927 MISC MISC |
cloudflare — warp_mobile_client | Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the “Disable WARP” quick action. | 2022-10-28 | 7.5 | CVE-2022-3322 MISC |
fortinet — fortios | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS. | 2022-11-02 | 7.5 | CVE-2022-35842 CONFIRM |
openssl — openssl | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above has led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6). | 2022-11-01 | 7.5 | CVE-2022-3602 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST CISCO GENTOO CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST MLIST MLIST CONFIRM CERT-VN MLIST MLIST MLIST MLIST MLIST MLIST MISC MISC MISC MISC MISC MISC |
cloudflare — octorpki | Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. | 2022-10-28 | 7.5 | CVE-2022-3616 MISC |
redhat — ansible_collection | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter of the amazon.aws.ec2_instance module. The module handles the parameter insecurely, so an attacker can take advantage of the issue to recover the password that leaks into the logs. | 2022-10-28 | 7.5 | CVE-2022-3697 MISC |
opennebula — opennebula | Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | 2022-10-28 | 7.5 | CVE-2022-37426 MISC |
html-minifier_project — html-minifier | A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. | 2022-10-31 | 7.5 | CVE-2022-37620 MISC MISC MISC |
devolutions — remote_desktop_manager | Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below, which allows deleted users to access unauthorized data. This issue affects Remote Desktop Manager 2022.3.7 and prior versions. | 2022-11-01 | 7.5 | CVE-2022-3780 MISC |
openssl — openssl | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the '.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | 2022-11-01 | 7.5 | CVE-2022-3786 CONFIRM MISC |
m-files — hubshare | Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | 2022-10-31 | 7.5 | CVE-2022-39018 MISC |
m-files — hubshare | Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | 2022-10-31 | 7.5 | CVE-2022-39019 MISC |
conduit-hyper_project — conduit-hyper | conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request’s length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request. In version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 (“Bad Request”). This crate is part of the implementation of Rust’s [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet. | 2022-10-31 | 7.5 | CVE-2022-39294 CONFIRM |
strongswan — strongswan | strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker’s control) that doesn’t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | 2022-10-31 | 7.5 | CVE-2022-40617 CONFIRM |
ndk-design — ndkadvancedcustomizationfields | A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. | 2022-11-01 | 7.5 | CVE-2022-40839 MISC MISC MISC |
haascnc — haas_controller | Communication traffic involving “Ethernet Q Commands” service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. | 2022-10-28 | 7.5 | CVE-2022-41636 MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group. | 2022-10-31 | 7.5 | CVE-2022-41688 MISC |
golang — go | Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string “A=B\x00C=D” sets the variables “A=B” and “C=D”. | 2022-11-02 | 7.5 | CVE-2022-41716 MISC MISC MISC MISC |
deltaww — infrasuite_device_master | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. | 2022-10-31 | 7.5 | CVE-2022-41776 MISC |
apache — tomcat | If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. | 2022-11-01 | 7.5 | CVE-2022-42252 MISC |
xen — xen | Xenstore: guests can let run xenstored out of memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: (1) by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; (2) by causing a large number of watch events to be generated by setting up multiple xenstore watches and then, e.g., deleting many xenstore nodes below the watched path; (3) by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; (4) by accessing many nodes inside a transaction. | 2022-11-01 | 7.5 | CVE-2022-42311 MISC CONFIRM DEBIAN |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. | 2022-11-03 | 7.5 | CVE-2022-42745 MISC MISC |
haxx — curl | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 (released 2021-05-26). | 2022-10-29 | 7.5 | CVE-2022-42916 MISC FEDORA |
fast_food_ordering_system_project — fast_food_ordering_system | Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php. | 2022-11-01 | 7.5 | CVE-2022-43081 MISC |
open5gs — open5gs | open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | 2022-11-01 | 7.5 | CVE-2022-43221 MISC |
open5gs — open5gs | open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | 2022-11-01 | 7.5 | CVE-2022-43222 MISC |
open5gs — open5gs | open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. | 2022-11-01 | 7.5 | CVE-2022-43223 MISC |
f5 — njs | Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. | 2022-10-28 | 7.5 | CVE-2022-43284 MISC MISC |
f5 — njs | Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. | 2022-10-28 | 7.5 | CVE-2022-43285 MISC |
openharmony — openharmony | OpenHarmony-v3.1.2 and prior versions had a DoS vulnerability in distributedhardware_device_manager when joining a network. Network attackers can send an abnormal packet when joining a network, causing a nullptr dereference and device reboot. | 2022-11-03 | 7.5 | CVE-2022-43495 MISC |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679. | 2022-11-03 | 7.5 | CVE-2022-43574 MISC |
jetbrains — teamcity | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings. | 2022-11-03 | 7.5 | CVE-2022-44623 MISC |
jetbrains — teamcity | In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters. | 2022-11-03 | 7.5 | CVE-2022-44624 MISC |
google — chrome | Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) | 2022-11-01 | 7.4 | CVE-2022-3308 MISC MISC |
sick — sim2000-2p04g10_firmware | Password recovery vulnerability in SICK SIM2x00 (ARM) part numbers 1092673 and 1081902 with firmware version <= 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. The recommended solution is to update the firmware to a version > 1.2.0 as soon as possible. | 2022-11-01 | 7.3 | CVE-2022-43989 MISC |
sick — sim1012-0p0g200_firmware | Password recovery vulnerability in SICK SIM1012 part number 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in the SICK Support Portal). | 2022-11-01 | 7.3 | CVE-2022-43990 MISC |
expresstech — quiz_and_survey_master | Authenticated SQL injection (SQLi) vulnerability in the Quiz And Survey Master WordPress plugin <= 7.3.4. | 2022-10-28 | 7.2 | CVE-2021-36898 CONFIRM CONFIRM |
wp-ecommerce — easy_wp_smtp | The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to a PHP object injection issue when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-10-31 | 7.2 | CVE-2022-3334 CONFIRM |
publishpress — capabilities | The PublishPress Capabilities WordPress plugin before 2.5.2 and PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserialize the content of imported files, which could lead to PHP object injection attacks by administrators on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. | 2022-10-31 | 7.2 | CVE-2022-3366 CONFIRM |
oceanwp — ocean_extra | The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. | 2022-10-31 | 7.2 | CVE-2022-3374 CONFIRM |
wpbeaverbuilder — customizer_export/import | The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-10-31 | 7.2 | CVE-2022-3380 CONFIRM |
garage_management_system_project — garage_management_system | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. | 2022-11-02 | 7.2 | CVE-2022-41551 MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-03 | 7.2 | CVE-2022-43061 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. | 2022-11-03 | 7.2 | CVE-2022-43062 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. | 2022-11-03 | 7.2 | CVE-2022-43063 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. | 2022-11-02 | 7.2 | CVE-2022-43066 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. | 2022-11-02 | 7.2 | CVE-2022-43068 MISC |
vehicle_booking_system_project — vehicle_booking_system | An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-01 | 7.2 | CVE-2022-43083 MISC |
restaurant_pos_system_project — restaurant_pos_system | An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-11-01 | 7.2 | CVE-2022-43085 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | 2022-11-01 | 7.2 | CVE-2022-43124 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. | 2022-11-01 | 7.2 | CVE-2022-43125 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. | 2022-11-01 | 7.2 | CVE-2022-43126 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php. | 2022-11-01 | 7.2 | CVE-2022-43127 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. | 2022-11-02 | 7.2 | CVE-2022-43227 MISC |
simple_cold_storage_management_system_project — simple_cold_storage_managment_system | Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. | 2022-10-28 | 7.2 | CVE-2022-43229 MISC MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. | 2022-11-01 | 7.2 | CVE-2022-43328 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | 2022-11-01 | 7.2 | CVE-2022-43329 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. | 2022-11-01 | 7.2 | CVE-2022-43330 MISC |
canteen_management_system_project — canteen_management_system | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. | 2022-11-01 | 7.2 | CVE-2022-43331 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | 2022-11-01 | 7.2 | CVE-2022-43353 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. | 2022-11-01 | 7.2 | CVE-2022-43354 MISC |
sanitization_management_system_project — sanitization_management_system | Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. | 2022-11-01 | 7.2 | CVE-2022-43355 MISC |
slims — senayan_library_management_system | Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | 2022-11-01 | 7.2 | CVE-2022-43362 MISC |
apple — iphone_os | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. | 2022-11-01 | 7.1 | CVE-2022-32925 MISC MISC MISC |
xen — xen | x86: unintended memory sharing between guests. On Intel systems that support the “virtualize APIC accesses” feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. | 2022-11-01 | 7.1 | CVE-2022-42327 MISC CONFIRM MLIST |
webassembly — wabt | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. | 2022-10-28 | 7.1 | CVE-2022-43280 MISC |
webassembly — wabt | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. | 2022-10-28 | 7.1 | CVE-2022-43282 MISC |
sudo_project — sudo | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. | 2022-11-02 | 7.1 | CVE-2022-43995 MISC MISC MISC MISC |
xen — xen | Xenstore: Guests can get access to Xenstore nodes of deleted domains. Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, during which the access rights of a past domain with the same domid as the new one will be regarded as still valid, allowing the new domain to access a node that was meant to be accessible only by the removed domain. For this to happen, another domain needs to write the node before the newly created domain is introduced to Xenstore by dom0. | 2022-11-01 | 7 | CVE-2022-42320 MISC CONFIRM MLIST DEBIAN |
apple — macos | A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7 | CVE-2022-42791 MISC |
apple — iphone_os | A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7 | CVE-2022-42803 MISC MISC MISC MISC MISC MISC |
apple — macos | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 7 | CVE-2022-42806 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — iphone_os | The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 6.7 | CVE-2022-32926 MISC MISC MISC MISC MISC |
fortinet — fortitester | A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. | 2022-11-02 | 6.7 | CVE-2022-38372 CONFIRM |
apple — macos | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 6.7 | CVE-2022-42829 MISC MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 6.7 | CVE-2022-42830 MISC MISC |
diplib — diplib | diplib v3.0.0 is vulnerable to Double Free. | 2022-11-04 | 6.5 | CVE-2021-39432 MISC MISC |
hitachi — vantara_pentaho | Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as “..” and “/” separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. | 2022-11-02 | 6.5 | CVE-2021-45448 MISC |
ibm — infosphere_information_server | “IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427.” | 2022-11-03 | 6.5 | CVE-2022-22442 MISC |
apple — iphone_os | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. | 2022-11-01 | 6.5 | CVE-2022-22658 MISC |
apache — dolphinscheduler | Users can read arbitrary files via the log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | 2022-10-28 | 6.5 | CVE-2022-26884 MISC MLIST |
oracle — restaurant_menu_-_food_ordering_system_-_table_reservation | The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin’s settings and modifying the ordering system preferences. | 2022-11-03 | 6.5 | CVE-2022-2696 MISC MISC MISC |
hosteng — h0-ecom100_firmware | Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. | 2022-10-28 | 6.5 | CVE-2022-3228 MISC |
apple — iphone_os | A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. | 2022-11-01 | 6.5 | CVE-2022-32923 MISC MISC MISC MISC MISC MISC MLIST |
google — chrome | Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape. (Chrome security severity: Medium) | 2022-11-01 | 6.5 | CVE-2022-3309 MISC MISC |
google — chrome | Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chrome security severity: Medium) | 2022-11-01 | 6.5 | CVE-2022-3310 MISC MISC |
google — chrome | Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) | 2022-11-01 | 6.5 | CVE-2022-3311 MISC MISC |
google — chrome | Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chrome security severity: Medium) | 2022-11-01 | 6.5 | CVE-2022-3313 MISC MISC |
google — chrome | Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) | 2022-11-01 | 6.5 | CVE-2022-3314 MISC MISC |
google — chrome | Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chrome security severity: Low) | 2022-11-01 | 6.5 | CVE-2022-3318 MISC MISC |
addify — automatic_user_roles_switcher | The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, including administrator. | 2022-10-31 | 6.5 | CVE-2022-3419 CONFIRM |
ibm — cognos_analytics | “IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.” | 2022-11-03 | 6.5 | CVE-2022-34339 MISC |
apache — dolphinscheduler | When logged-in users add resources to the resource center with a relative path, a path traversal issue can occur; the issue is limited to logged-in users. Users should upgrade to version 3.0.0 or higher. | 2022-11-01 | 6.5 | CVE-2022-34662 MISC |
tenable — nessus | An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | 2022-10-31 | 6.5 | CVE-2022-3499 MISC |
google — chrome | Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chrome security severity: Low) | 2022-11-01 | 6.5 | CVE-2022-3661 MISC MISC |
opennebula — opennebula | Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | 2022-10-28 | 6.5 | CVE-2022-37424 MISC |
exiv2 — exiv2 | A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. | 2022-10-29 | 6.5 | CVE-2022-3755 MISC MISC MISC |
devolutions — remote_desktop_manager | The Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote Desktop Manager 2022.2.26 and prior versions; Devolutions Server 2022.3.1 and prior versions. | 2022-11-01 | 6.5 | CVE-2022-3781 MISC |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660. | 2022-11-01 | 6.5 | CVE-2022-3807 N/A N/A N/A |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability. | 2022-11-02 | 6.5 | CVE-2022-3809 MISC MISC MISC |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4_File::AP4_File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212667. | 2022-11-02 | 6.5 | CVE-2022-3810 MISC MISC MISC |
axiosys — bento4 | A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability. | 2022-11-01 | 6.5 | CVE-2022-3812 N/A N/A N/A |
axiosys — bento4 | A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679. | 2022-11-01 | 6.5 | CVE-2022-3813 N/A N/A N/A |
axiosys — bento4 | A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680. | 2022-11-01 | 6.5 | CVE-2022-3814 N/A N/A N/A |
axiosys — bento4 | A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability. | 2022-11-01 | 6.5 | CVE-2022-3815 N/A N/A N/A |
axiosys — bento4 | A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability. | 2022-11-01 | 6.5 | CVE-2022-3816 N/A N/A N/A |
axiosys — bento4 | A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683. | 2022-11-01 | 6.5 | CVE-2022-3817 N/A N/A N/A |
huaxiaerp — huaxia_erp | A vulnerability was found in Huaxia ERP 2.3 and classified as critical. Affected by this issue is some unknown functionality of the component User Management. The manipulation of the argument login leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212792. | 2022-11-02 | 6.5 | CVE-2022-3825 MISC MISC |
huaxiaerp — huaxia_erp | A vulnerability was found in Huaxia ERP. It has been classified as problematic. This affects an unknown part of the file /depotHead/list of the component Retail Management. The manipulation of the argument search leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212793 was assigned to this vulnerability. | 2022-11-02 | 6.5 | CVE-2022-3826 MISC MISC |
vr_calendar_project — vr_calendar | The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete and modify calendars as well as the plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | 2022-11-03 | 6.5 | CVE-2022-3852 MISC MISC MISC |
edetw — u-office_force | The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privileges can exploit this vulnerability to download arbitrary system files. | 2022-10-31 | 6.5 | CVE-2022-39022 MISC |
edetw — u-office_force | The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privileges can exploit this vulnerability to download arbitrary system files. | 2022-10-31 | 6.5 | CVE-2022-39023 MISC |
qtiworks_project — qtiworks | QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files into other locations in the filesystem if they are writable by the process running the QTIWorks Engine. In extreme cases, this could allow anonymous users to change files in arbitrary locations in the filesystem. In normal QTIWorks Engine deployments, the impact is somewhat reduced because the default QTIWorks configuration does not enable the public demo functionality, so ZIP files can only be uploaded by users with “instructor” privileges. This vulnerability is fixed in version 1.0-beta15. There are no database configuration changes required when upgrading to this version. No known workarounds for this issue exist. | 2022-10-28 | 6.5 | CVE-2022-39367 MISC MISC CONFIRM |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in `mailto` links. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | 2022-11-03 | 6.5 | CVE-2022-39376 CONFIRM |
fortinet — fortimail | An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR). | 2022-11-02 | 6.5 | CVE-2022-39945 CONFIRM |
ibm — mq_appliance | “IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.” | 2022-11-03 | 6.5 | CVE-2022-40230 MISC |
ibm — infosphere_information_server | “IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725.” | 2022-11-03 | 6.5 | CVE-2022-40235 MISC |
processwire — processwire | ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | 2022-10-31 | 6.5 | CVE-2022-40488 MISC MISC |
softnext — mail_sqr_expert | The Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with an .asp file extension under specific system paths, allowing them to access and modify partial system information; service availability is not affected. | 2022-10-31 | 6.5 | CVE-2022-40742 MISC |
formalms — formalms | Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. Exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘search[value]’ parameter of the appLms/ajax.server.php?r=mycertificate/getMyCertificates function in order to dump the entire database. | 2022-10-31 | 6.5 | CVE-2022-41680 CONFIRM |
xen — xen | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction | 2022-11-01 | 6.5 | CVE-2022-42312 MISC CONFIRM DEBIAN |
xen — xen | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction | 2022-11-01 | 6.5 | CVE-2022-42313 MISC CONFIRM DEBIAN |
xen — xen | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction | 2022-11-01 | 6.5 | CVE-2022-42314 MISC CONFIRM DEBIAN |
xen — xen | Xenstore: guests can let xenstored run out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: (1) by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; (2) by causing a large number of watch events to be generated by setting up multiple xenstore watches and then, e.g., deleting many xenstore nodes below the watched path; (3) by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; (4) by accessing many nodes inside a transaction | 2022-11-01 | 6.5 | CVE-2022-42315 MISC CONFIRM DEBIAN |
xen — xen | Xenstore: guests can let xenstored run out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: (1) by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; (2) by causing a large number of watch events to be generated by setting up multiple xenstore watches and then, e.g., deleting many xenstore nodes below the watched path; (3) by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; (4) by accessing many nodes inside a transaction | 2022-11-01 | 6.5 | CVE-2022-42316 MISC CONFIRM DEBIAN |
xen — xen | Xenstore: guests can let xenstored run out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: (1) by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; (2) by causing a large number of watch events to be generated by setting up multiple xenstore watches and then, e.g., deleting many xenstore nodes below the watched path; (3) by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; (4) by accessing many nodes inside a transaction | 2022-11-01 | 6.5 | CVE-2022-42317 MISC CONFIRM DEBIAN |
xen — xen | Xenstore: guests can let xenstored run out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways guests can cause large memory allocations in xenstored: (1) by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory; (2) by causing a large number of watch events to be generated by setting up multiple xenstore watches and then, e.g., deleting many xenstore nodes below the watched path; (3) by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible; (4) by accessing many nodes inside a transaction | 2022-11-01 | 6.5 | CVE-2022-42318 MISC CONFIRM DEBIAN |
xen — xen | Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded as finished only after the guest has read the response message of the request from the ring page. Thus a guest that does not read the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored. | 2022-11-01 | 6.5 | CVE-2022-42319 MISC CONFIRM MLIST DEBIAN |
xen — xen | Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. | 2022-11-01 | 6.5 | CVE-2022-42321 MISC CONFIRM MLIST DEBIAN |
apple — iphone_os | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. Visiting a maliciously crafted website may leak sensitive data. | 2022-11-01 | 6.5 | CVE-2022-42817 MISC MISC MISC |
formalms — formalms | Forma LMS version 3.1.0 and earlier contains a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘dyn_filter’ parameter in the ‘appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata’ function in order to dump the entire database. | 2022-10-31 | 6.5 | CVE-2022-42924 CONFIRM |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43235 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43236 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43237 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43238 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43239 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43240 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43241 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43242 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43243 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43244 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43245 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43248 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43249 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43250 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43252 MISC |
struktur — libde265 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | 2022-11-02 | 6.5 | CVE-2022-43253 MISC |
openharmony — openharmony | OpenHarmony-v3.1.2 and prior versions have multiple path traversal vulnerabilities in the appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape the application sandbox. If chained with other vulnerabilities, this would allow an unprivileged process to gain full root privileges. | 2022-11-03 | 6.5 | CVE-2022-43451 MISC |
apple — macos | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 6.4 | CVE-2022-42831 MISC MISC |
apple — macos | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-11-01 | 6.4 | CVE-2022-42832 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach(). | 2022-10-30 | 6.4 | CVE-2022-44032 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). | 2022-10-30 | 6.4 | CVE-2022-44033 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove(). | 2022-10-30 | 6.4 | CVE-2022-44034 MISC MISC |
tribalsystems — zenario | A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816. | 2022-11-02 | 6.1 | CVE-2020-36608 N/A N/A |
johnsoncontrols — cevas | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. | 2022-10-28 | 6.1 | CVE-2021-36206 CERT CONFIRM |
tagdiv — newspaper | The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. | 2022-10-31 | 6.1 | CVE-2022-2167 CONFIRM |
enviragallery — envira_gallery | The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | 2022-10-31 | 6.1 | CVE-2022-2190 CONFIRM |
tagdiv — newspaper | The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. | 2022-10-31 | 6.1 | CVE-2022-2627 CONFIRM |
facetwp — log_http_requests | The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site’s administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2022-10-28 | 6.1 | CVE-2022-3402 MISC MISC MISC |
rockcontent — rock_convert | The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape a URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting. | 2022-10-31 | 6.1 | CVE-2022-3440 CONFIRM |
phpmyfaq — phpmyfaq | Reflected Cross-site Scripting (XSS) in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 2022-10-31 | 6.1 | CVE-2022-3766 CONFIRM MISC |
nodered — node-red-dashboard | A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555. | 2022-10-31 | 6.1 | CVE-2022-3783 N/A N/A N/A |
eolink — apinto-dashboard | A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212633 was assigned to this vulnerability. | 2022-11-01 | 6.1 | CVE-2022-3797 N/A N/A |
eolink — apinto-dashboard | A vulnerability was found in eolinker apinto-dashboard and classified as problematic. This issue affects some unknown processing of the file /api/discoveries/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212639. | 2022-11-01 | 6.1 | CVE-2022-3803 N/A N/A N/A |
eolink — apinto-dashboard | A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640. | 2022-11-01 | 6.1 | CVE-2022-3804 N/A N/A N/A |
fortinet — fortiadc | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiADC 7.0.0 – 7.0.2 and 6.2.0 – 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event log views. | 2022-11-02 | 6.1 | CVE-2022-38374 CONFIRM |
webmin — webmin | A vulnerability, which was classified as problematic, was found in Webmin. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. The name of the patch is d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to apply a patch to fix this issue. VDB-212862 is the identifier assigned to this vulnerability. | 2022-11-02 | 6.1 | CVE-2022-3844 N/A N/A |
phpipam — phpipam | A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863. | 2022-11-02 | 6.1 | CVE-2022-3845 N/A N/A N/A |
schoolbox — schoolbox | Multiple instances of XSS (stored and reflected) were found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting. | 2022-10-31 | 6.1 | CVE-2022-39020 MISC |
edetw — u-office_force | The U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect users to an arbitrary website. | 2022-10-31 | 6.1 | CVE-2022-39021 MISC |
edetw — u-office_force | U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | 2022-10-31 | 6.1 | CVE-2022-39024 MISC |
edetw — u-office_force | U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | 2022-10-31 | 6.1 | CVE-2022-39025 MISC |
phppointofsale — php_point_of_sale | The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users. | 2022-10-31 | 6.1 | CVE-2022-40290 MISC |
processwire — processwire | ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. | 2022-10-31 | 6.1 | CVE-2022-40487 MISC MISC |
ndk-design — ndkadvancedcustomizationfields | ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. | 2022-11-02 | 6.1 | CVE-2022-40840 MISC MISC |
formalms — formalms | Forma LMS version 3.1.0 and earlier is affected by a Cross-Site Scripting vulnerability that could allow a remote attacker to inject JavaScript code via the “back_url” parameter in the appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user’s cookies in order to log in to the application. | 2022-10-31 | 6.1 | CVE-2022-41679 CONFIRM |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the ‘indexFile’ parameter of the ‘ajax.php’ resource. This is possible because the application does not properly validate user input against XSS attacks. | 2022-11-03 | 6.1 | CVE-2022-42746 MISC MISC |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the ‘sortBy’ parameter of the ‘ajax.php’ resource. This is possible because the application does not properly validate user input against XSS attacks. | 2022-11-03 | 6.1 | CVE-2022-42747 MISC MISC |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the ‘sortDirection’ parameter of the ‘ajax.php’ resource. This is possible because the application does not properly validate user input against XSS attacks. | 2022-11-03 | 6.1 | CVE-2022-42748 MISC MISC |
auieo — candidats | CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the ‘page’ parameter of the ‘ajax.php’ resource. This is possible because the application does not properly validate user input against XSS attacks. | 2022-11-03 | 6.1 | CVE-2022-42749 MISC MISC |
salonerp_project — salonerp | SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | 2022-11-03 | 6.1 | CVE-2022-42753 MISC MISC |
apple — macos | The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. | 2022-11-01 | 6.1 | CVE-2022-42799 MISC MISC MISC MISC MISC MLIST |
train_scheduler_app_project — train_scheduler_app | A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | 2022-11-01 | 6.1 | CVE-2022-43079 MISC |
fast_food_ordering_system_project — fast_food_ordering_system | A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter. | 2022-11-01 | 6.1 | CVE-2022-43082 MISC |
apache — airflow | In Apache Airflow versions prior to 2.4.2, the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument. | 2022-11-02 | 6.1 | CVE-2022-43982 CONFIRM BUGTRAQ |
apache — airflow | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver’s `/confirm` endpoint. | 2022-11-02 | 6.1 | CVE-2022-43985 CONFIRM BUGTRAQ |
alpine_project — alpine | Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. | 2022-11-03 | 5.9 | CVE-2021-46853 MISC MISC |
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762. | 2022-11-03 | 5.9 | CVE-2022-38712 MISC |
apple — macos | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. | 2022-11-01 | 5.9 | CVE-2022-42818 MISC |
github — enterprise_server | An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-11-01 | 5.7 | CVE-2022-23738 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
hitachi — ops_center_analyzer | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Storage Software Agent component) allows local users to gain sensitive information. | 2022-11-01 | 5.5 | CVE-2022-3191 MISC |
apple — iphone_os | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. | 2022-11-01 | 5.5 | CVE-2022-32827 MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state. | 2022-11-01 | 5.5 | CVE-2022-32858 MISC MISC MISC |
apple — macos | This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information. | 2022-11-01 | 5.5 | CVE-2022-32862 MISC MISC MISC |
apple — macos | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data. | 2022-11-01 | 5.5 | CVE-2022-32877 MISC MISC |
apple — macos | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system. | 2022-11-01 | 5.5 | CVE-2022-32881 MISC MISC MISC MISC MISC MISC |
apple — macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. | 2022-11-01 | 5.5 | CVE-2022-32904 MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data. | 2022-11-01 | 5.5 | CVE-2022-32909 MISC |
apple — iphone_os | This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences. | 2022-11-01 | 5.5 | CVE-2022-32918 MISC MISC |
apple — iphone_os | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups. | 2022-11-01 | 5.5 | CVE-2022-32929 MISC MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory. | 2022-11-01 | 5.5 | CVE-2022-32936 MISC |
apple — iphone_os | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | 2022-11-01 | 5.5 | CVE-2022-32946 MISC |
bitdefender — engines | An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659. | 2022-11-01 | 5.5 | CVE-2022-3369 MISC |
fortinet — forticlient | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext by running a logstream for the FortiTray process in the terminal. | 2022-11-02 | 5.5 | CVE-2022-33878 CONFIRM |
redhat — fedora_coreos | Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line. | 2022-11-03 | 5.5 | CVE-2022-3675 MISC MISC MISC |
pdfhummus — hummusjs | Muhammara is a Node module with C/C++ bindings for modifying PDFs from JavaScript in Node or Electron (based on, and a replacement for, galkhana/hummusjs). The package muhammara before 2.6.0 and all versions of the package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources. | 2022-11-02 | 5.5 | CVE-2022-39381 CONFIRM MISC MISC MISC |
fortinet — fortiedr | An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection. | 2022-11-02 | 5.5 | CVE-2022-39949 CONFIRM |
zettlr — zettlr | Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. | 2022-11-03 | 5.5 | CVE-2022-40276 MISC MISC |
hitachi — infrastructure_analytics_advisor | Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. | 2022-11-01 | 5.5 | CVE-2022-41553 MISC |
markdownify_project — markdownify | Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. | 2022-11-03 | 5.5 | CVE-2022-41710 MISC MISC |
xen — xen | Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore database, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the database. | 2022-11-01 | 5.5 | CVE-2022-42310 MISC CONFIRM MLIST DEBIAN |
xen — xen | Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322, any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A’s local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again, an arbitrary number of nodes can be created, as Dom0’s number of nodes isn’t limited by Xenstore quota. | 2022-11-01 | 5.5 | CVE-2022-42322 MISC CONFIRM MLIST DEBIAN |
xen — xen | Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322, any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A’s local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again, an arbitrary number of nodes can be created, as Dom0’s number of nodes isn’t limited by Xenstore quota. | 2022-11-01 | 5.5 | CVE-2022-42323 MISC CONFIRM MLIST DEBIAN |
xen — xen | Oxenstored 32->31 bit integer truncation issues Integers in OCaml are 63 or 31 bits of signed precision. The OCaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an OCaml integer. In 64-bit OCaml builds this is fine, but in 32-bit builds it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring. | 2022-11-01 | 5.5 | CVE-2022-42324 MISC CONFIRM MLIST DEBIAN |
xen — xen | Xenstore: Guests can create an arbitrary number of nodes via transactions [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create an arbitrary number of nodes. | 2022-11-01 | 5.5 | CVE-2022-42325 MISC CONFIRM MLIST DEBIAN |
xen — xen | Xenstore: Guests can create an arbitrary number of nodes via transactions [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create an arbitrary number of nodes. | 2022-11-01 | 5.5 | CVE-2022-42326 MISC CONFIRM MLIST DEBIAN |
fortinet — fortisoar | A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 – 6.4.4 and 7.0.0 – 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. | 2022-11-02 | 5.5 | CVE-2022-42473 CONFIRM |
apple — macos | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. | 2022-11-01 | 5.5 | CVE-2022-42788 MISC |
apple — macos | An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. | 2022-11-01 | 5.5 | CVE-2022-42789 MISC MISC MISC |
apple — ipados | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen. | 2022-11-01 | 5.5 | CVE-2022-42790 MISC MISC MISC MISC MISC |
apple — ipados | An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks. | 2022-11-01 | 5.5 | CVE-2022-42793 MISC MISC MISC MISC MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information. | 2022-11-01 | 5.5 | CVE-2022-42798 MISC MISC MISC MISC MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents. | 2022-11-01 | 5.5 | CVE-2022-42810 MISC MISC MISC MISC |
apple — macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data. | 2022-11-01 | 5.5 | CVE-2022-42811 MISC MISC MISC MISC |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | 2022-11-01 | 5.5 | CVE-2022-42814 MISC |
apple — macos | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | 2022-11-01 | 5.5 | CVE-2022-42815 MISC |
apple — macos | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to read sensitive location information. | 2022-11-01 | 5.5 | CVE-2022-42819 MISC MISC MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information. | 2022-11-01 | 5.5 | CVE-2022-42824 MISC MISC MISC MISC MISC MLIST |
apple — macos | This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. | 2022-11-01 | 5.5 | CVE-2022-42825 MISC MISC MISC MISC MISC MISC |
rtf2html_project — rtf2html | rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h. | 2022-10-31 | 5.5 | CVE-2022-43148 MISC |
timg_project — timg | timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc. | 2022-10-31 | 5.5 | CVE-2022-43151 MISC |
tsmuxer_project — tsmuxer | tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h. | 2022-10-31 | 5.5 | CVE-2022-43152 MISC |
gpac — gpac | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. | 2022-11-02 | 5.5 | CVE-2022-43254 MISC |
gpac — gpac | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. | 2022-11-02 | 5.5 | CVE-2022-43255 MISC |
webassembly — wabt | wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | 2022-10-28 | 5.5 | CVE-2022-43283 MISC |
openharmony — openharmony | OpenHarmony-v3.1.2 and prior versions had an arbitrary file read vulnerability via download_server. Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the download_server service, which runs with UID 1000. | 2022-11-03 | 5.5 | CVE-2022-43449 MISC |
opendev — sushy-tools | An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an “unsupported, production-like configuration.” | 2022-10-30 | 5.5 | CVE-2022-44020 MISC MISC MISC |
pycdc_project — pycdc | pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. | 2022-10-31 | 5.5 | CVE-2022-44079 MISC |
lodev — lodepng | Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. | 2022-10-31 | 5.5 | CVE-2022-44081 MISC |
expresstech — quiz_and_survey_master | Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 2022-10-28 | 5.4 | CVE-2021-36864 CONFIRM CONFIRM |
hotelmanager_project — hotelmanager | Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. | 2022-11-04 | 5.4 | CVE-2021-39473 MISC MISC |
palantir — foundry_blobster | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. | 2022-11-04 | 5.4 | CVE-2022-27894 MISC |
gitlab — gitlab | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | 2022-11-02 | 5.4 | CVE-2022-2904 MISC CONFIRM MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592. | 2022-11-03 | 5.4 | CVE-2022-30615 MISC |
wp_total_hacks_project — wp_total_hacks | The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin’s settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. | 2022-10-31 | 5.4 | CVE-2022-3096 CONFIRM |
apache — spark | A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. | 2022-11-01 | 5.4 | CVE-2022-31777 MISC |
ibm — infosphere_information_server | “IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.” | 2022-11-03 | 5.4 | CVE-2022-35642 MISC |
fortinet — fortiadc | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address. | 2022-11-02 | 5.4 | CVE-2022-35851 CONFIRM |
coleds — simple_seo | Auth. (subscriber+) Broken Access Control vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemap. | 2022-11-03 | 5.4 | CVE-2022-36404 CONFIRM CONFIRM |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 2022-10-31 | 5.4 | CVE-2022-3765 CONFIRM MISC |
fortinet — fortideceptor | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID. | 2022-11-02 | 5.4 | CVE-2022-38373 CONFIRM |
m-files — hubshare | Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | 2022-10-31 | 5.4 | CVE-2022-39017 MISC |
edetw — u-office_force | U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack. | 2022-10-31 | 5.4 | CVE-2022-39026 MISC |
edetw — u-office_force | U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack. | 2022-10-31 | 5.4 | CVE-2022-39027 MISC |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | 2022-11-03 | 5.4 | CVE-2022-39371 CONFIRM |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | 2022-11-03 | 5.4 | CVE-2022-39372 CONFIRM |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | 2022-11-03 | 5.4 | CVE-2022-39375 CONFIRM |
fortinet — fortianalyzer | An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor “protected” comment as described in CVE-2020-9281. | 2022-11-02 | 5.4 | CVE-2022-39950 CONFIRM |
ragic — ragic | Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack. | 2022-10-31 | 5.4 | CVE-2022-40739 MISC |
openwrt — luci | OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. | 2022-11-03 | 5.4 | CVE-2022-41435 MISC MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add”. | 2022-10-28 | 5.4 | CVE-2022-43167 MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add New Group”. | 2022-10-28 | 5.4 | CVE-2022-43169 MISC |
rukovoditel — rukovoditel | A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add info block”. | 2022-10-28 | 5.4 | CVE-2022-43170 MISC |
apache — sling_cms | An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. | 2022-11-02 | 5.4 | CVE-2022-43670 MISC MLIST |
coleds — simple_seo | Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. | 2022-11-03 | 5.4 | CVE-2022-44627 CONFIRM CONFIRM |
apple — iphone_os | A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results. | 2022-11-01 | 5.3 | CVE-2022-32859 MISC |
apple — iphone_os | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. | 2022-11-01 | 5.3 | CVE-2022-32928 MISC MISC MISC |
apple — macos | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system. | 2022-11-01 | 5.3 | CVE-2022-32938 MISC MISC |
ibm — robotic_process_automation | “IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.” | 2022-11-03 | 5.3 | CVE-2022-38710 MISC |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds. | 2022-11-03 | 5.3 | CVE-2022-39276 MISC CONFIRM |
discourse — discourse | Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user’s activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available. | 2022-11-02 | 5.3 | CVE-2022-39378 CONFIRM |
phppointofsale — php_point_of_sale | The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. | 2022-10-31 | 5.3 | CVE-2022-40292 MISC |
deep-object-diff_project — deep-object-diff | deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the ‘__proto__’ property to be edited. | 2022-11-03 | 5.3 | CVE-2022-41713 MISC MISC |
fastest-json-copy_project — fastest-json-copy | fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the ‘__proto__’ property to be edited. | 2022-11-03 | 5.3 | CVE-2022-41714 MISC MISC |
deep-parse-json_project — deep-parse-json | deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the ‘__proto__’ property to be edited. | 2022-11-03 | 5.3 | CVE-2022-42743 MISC MISC |
pwndoc_project — pwndoc | PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. | 2022-10-30 | 5.3 | CVE-2022-44022 MISC |
pwndoc_project — pwndoc | PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | 2022-10-30 | 5.3 | CVE-2022-44023 MISC |
jetbrains — teamcity | In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive. | 2022-11-03 | 5.3 | CVE-2022-44622 MISC |
jetbrains — teamcity | In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user’s settings. | 2022-11-03 | 5.3 | CVE-2022-44646 MISC |
apple — iphone_os | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information. | 2022-11-01 | 5 | CVE-2022-32875 MISC MISC MISC MISC MISC |
opencart — opencart | OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. | 2022-11-03 | 4.9 | CVE-2021-37823 MISC |
discourse — discourse | Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. | 2022-11-02 | 4.9 | CVE-2022-39241 CONFIRM |
phppointofsale — php_point_of_sale | The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks. | 2022-10-31 | 4.9 | CVE-2022-40295 MISC |
restaurant_pos_system_project — restaurant_pos_system | Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. | 2022-11-01 | 4.9 | CVE-2022-43086 MISC |
wpexperts — wp_contact_slider | The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-10-31 | 4.8 | CVE-2022-3237 CONFIRM |
redlettuce — wp_word_count | The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-10-31 | 4.8 | CVE-2022-3408 CONFIRM |
official_integration_for_billingo_project — official_integration_for_billingo | The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. | 2022-10-31 | 4.8 | CVE-2022-3420 CONFIRM |
rockcontent — rock_convert | The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-10-31 | 4.8 | CVE-2022-3441 CONFIRM |
rockcontent — rock_convert | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress. | 2022-11-03 | 4.8 | CVE-2022-36428 CONFIRM CONFIRM |
webfactoryltd — under_construction | A vulnerability classified as problematic has been found in WebFactory Under Construction Plugin. This affects an unknown part of the component Plugin Setting Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212661 was assigned to this vulnerability. | 2022-11-01 | 4.8 | CVE-2022-3808 N/A N/A N/A |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4. | 2022-11-03 | 4.8 | CVE-2022-39262 MISC CONFIRM |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds. | 2022-11-03 | 4.8 | CVE-2022-39277 CONFIRM MISC |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to version 10.0.4. | 2022-11-03 | 4.8 | CVE-2022-39373 CONFIRM |
web-based_student_clearance_system_project — web-based_student_clearance_system | A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter. | 2022-11-01 | 4.8 | CVE-2022-43076 MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system | A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | 2022-11-01 | 4.8 | CVE-2022-43078 MISC |
vehicle_booking_system_project — vehicle_booking_system | A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter. | 2022-11-01 | 4.8 | CVE-2022-43084 MISC |
slims — senayan_library_management_system | Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | 2022-11-01 | 4.8 | CVE-2022-43361 MISC |
emlog — emlog | Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | 2022-11-03 | 4.8 | CVE-2022-43372 MISC |
agenteasy_properties_project — agenteasy_properties | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress. | 2022-11-02 | 4.8 | CVE-2022-44576 CONFIRM CONFIRM |
am-hili_project — am-hili | Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress. | 2022-11-02 | 4.8 | CVE-2022-44586 CONFIRM CONFIRM |
jumpdemand — 4ecps_web_forms | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. | 2022-11-03 | 4.8 | CVE-2022-44628 CONFIRM CONFIRM |
apple — macos | A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | 2022-11-01 | 4.7 | CVE-2022-32895 MISC |
apple — macos | A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen. | 2022-11-01 | 4.6 | CVE-2022-32935 MISC MISC MISC |
google — chrome | Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chrome security severity: Medium) | 2022-11-01 | 4.6 | CVE-2022-3312 MISC MISC |
froxlor — froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | 2022-11-04 | 4.6 | CVE-2022-3721 MISC CONFIRM |
hitachi — infrastructure_analytics_advisor | Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. | 2022-11-01 | 4.4 | CVE-2020-36605 MISC |
ibm — security_guardium | “IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.” | 2022-11-03 | 4.4 | CVE-2021-39077 MISC |
apple — macos | A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. | 2022-11-01 | 4.3 | CVE-2022-22677 MISC MISC |
google — chrome | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chrome security severity: Low) | 2022-11-01 | 4.3 | CVE-2022-3316 MISC MISC |
google — chrome | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chrome security severity: Low) | 2022-11-01 | 4.3 | CVE-2022-3317 MISC MISC |
google — chrome | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chrome security severity: Low) | 2022-11-01 | 4.3 | CVE-2022-3443 MISC MISC |
google — chrome | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chrome security severity: Low) | 2022-11-01 | 4.3 | CVE-2022-3444 MISC MISC |
google — chrome | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chrome security severity: Medium) | 2022-11-01 | 4.3 | CVE-2022-3660 MISC MISC |
fortinet — fortios | An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API. | 2022-11-02 | 4.3 | CVE-2022-38380 CONFIRM |
glpi-project — glpi | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script. | 2022-11-03 | 4.3 | CVE-2022-39370 CONFIRM |
a3rev — page_view_count | Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. | 2022-11-03 | 4.3 | CVE-2022-40131 CONFIRM CONFIRM |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — iphone_os | This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier. | 2022-11-01 | 3.3 | CVE-2022-32835 MISC MISC |
apple — iphone_os | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera. | 2022-11-01 | 3.3 | CVE-2022-32913 MISC MISC MISC MISC MISC MISC |
ibm — robotic_process_automation_for_cloud_pak | “IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.” | 2022-11-03 | 3.3 | CVE-2022-42442 MISC |
apple — iphone_os | This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs. | 2022-11-01 | 2.4 | CVE-2022-32867 MISC MISC |
apple — iphone_os | A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information. | 2022-11-01 | 2.4 | CVE-2022-32870 MISC MISC MISC |
apple — ipados | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen. | 2022-11-01 | 2.4 | CVE-2022-32879 MISC MISC MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco — multiple_products | A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. | 2022-11-04 | not yet calculated | CVE-2022-20772 MISC |
cisco — multiple_products | A vulnerability in the web-based management interface of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. | 2022-11-04 | not yet calculated | CVE-2022-20867 MISC |
cisco — multiple_products | A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain API calls. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | 2022-11-04 | not yet calculated | CVE-2022-20868 MISC |
cisco — identity_services_engine | A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. | 2022-11-04 | not yet calculated | CVE-2022-20937 MISC |
cisco — multiple_products | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. | 2022-11-04 | not yet calculated | CVE-2022-20942 MISC |
cisco — broadworks_commpilot | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network. | 2022-11-04 | not yet calculated | CVE-2022-20951 MISC |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx | 2022-11-04 | not yet calculated | CVE-2022-20956 MISC |
cisco — broadworks_commpilot | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network. | 2022-11-04 | not yet calculated | CVE-2022-20958 MISC |
cisco — asyncos | A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated. | 2022-11-04 | not yet calculated | CVE-2022-20960 MISC |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user. | 2022-11-04 | not yet calculated | CVE-2022-20961 MISC |
cisco — localdisk_management | A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. | 2022-11-04 | not yet calculated | CVE-2022-20962 MISC |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device. | 2022-11-04 | not yet calculated | CVE-2022-20963 MISC |
cisco — umbrella | A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | 2022-11-04 | not yet calculated | CVE-2022-20969 MISC |
foundry_magritte — osisoft-pi-web-connector | The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 – 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. | 2022-11-04 | not yet calculated | CVE-2022-27893 CONFIRM |
vmware — multiple_products | Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. | 2022-11-04 | not yet calculated | CVE-2022-31691 MISC |
trellix — ips_manager | XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack in the part of the administrator interface that allows a saved XML configuration file to be imported. | 2022-11-04 | not yet calculated | CVE-2022-3340 CONFIRM |
apache — multiple_products | The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow ‘issuer url’. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine ‘between’ the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions. | 2022-11-04 | not yet calculated | CVE-2022-33684 MISC |
ibm — business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537. | 2022-11-03 | not yet calculated | CVE-2022-35279 MISC |
watchdog — anti-virus | Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. | 2022-11-04 | not yet calculated | CVE-2022-38582 MISC |
hcl — domino | HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user’s person record. | 2022-11-04 | not yet calculated | CVE-2022-38654 MISC |
hcl — xpages | HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | 2022-11-04 | not yet calculated | CVE-2022-38660 MISC |
sourcecodester — sanitization_management_system | A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. | 2022-11-05 | not yet calculated | CVE-2022-3868 N/A N/A |
froxlor — froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | 2022-11-05 | not yet calculated | CVE-2022-3869 CONFIRM MISC |
microsoft — azure | Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states. | 2022-11-04 | not yet calculated | CVE-2022-39344 CONFIRM |
openzeppelin — contracts | OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization. | 2022-11-04 | not yet calculated | CVE-2022-39384 MISC CONFIRM |
xwiki_contrib — oidc | XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider). With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make their user automatically part of the XWikiAdminGroup. This issue has been patched, please upgrade to 1.29.1. There is no workaround, an upgrade of the authenticator is required. | 2022-11-04 | not yet calculated | CVE-2022-39387 MISC CONFIRM MISC |
becton_dickson — totalys_multiprocessor | BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. | 2022-11-04 | not yet calculated | CVE-2022-40263 CONFIRM |
schneider_electric — multiple_products | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 2022-11-04 | not yet calculated | CVE-2022-41669 MISC |
schneider_electric — multiple_products | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 2022-11-04 | not yet calculated | CVE-2022-41670 MISC |
schneider_electric — multiple_products | A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 2022-11-04 | not yet calculated | CVE-2022-41671 MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. | 2022-11-03 | not yet calculated | CVE-2022-43561 MISC MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. | 2022-11-04 | not yet calculated | CVE-2022-43562 MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | 2022-11-04 | not yet calculated | CVE-2022-43563 MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. | 2022-11-04 | not yet calculated | CVE-2022-43564 MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the tstats command handles JavaScript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. | 2022-11-04 | not yet calculated | CVE-2022-43565 MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | 2022-11-04 | not yet calculated | CVE-2022-43566 MISC MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. | 2022-11-04 | not yet calculated | CVE-2022-43567 MISC MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. | 2022-11-04 | not yet calculated | CVE-2022-43568 MISC MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. | 2022-11-04 | not yet calculated | CVE-2022-43569 MISC MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. | 2022-11-04 | not yet calculated | CVE-2022-43570 MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | 2022-11-03 | not yet calculated | CVE-2022-43571 MISC MISC |
splunk — enterprise_security | In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | 2022-11-04 | not yet calculated | CVE-2022-43572 MISC |
linux — linux_kernel | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2022-11-04 | not yet calculated | CVE-2022-43945 MISC |
stiltsoft_europe — handy_macros | The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | 2022-11-04 | not yet calculated | CVE-2022-44724 MISC |