Vulnerability Summary for the Week of September 5, 2022

Released: Sep 12, 2022
Document ID: SB22-255

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
(Each entry below lists the vendor -- product, then the description, then the Published date, CVSS Score and Source & Patch Info columns on one line.)
apache -- airflow
  In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38054 (CONFIRM, MLIST)

apache -- airflow
  In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38170 (CONFIRM, MLIST, MLIST)

apache -- iotdb
  Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38369 (MISC, MLIST)

apache -- iotdb
  Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1 which addresses this issue.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38370 (MISC, MLIST)

apache -- ofbiz
  Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25370 (CONFIRM, MLIST, MLIST)

apache -- ofbiz
  Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25371 (CONFIRM, MLIST, MLIST)

apache -- ofbiz
  In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. An RCE is then possible.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25813 (CONFIRM, MLIST)

apache -- ofbiz
  The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-29063 (CONFIRM, MLIST)

apache -- ofbiz
  Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-29158 (CONFIRM, MLIST)
appsmith -- appsmith
  Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39824 (MISC, MISC)

asp.net_core -- miniblog.core
  Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-37679 (MISC)

atlassian -- jira
  The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38367 (MISC, MISC)

avaya -- ip_office_admin_lite_and_usb_creator
  A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-25657 (CONFIRM)

bitdefender -- bitdefender_gravityzone_console
  Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-2830 (MISC)

blackboard -- learn
  Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39196 (MISC)

blogengine -- blogengine
  BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36600 (MISC)

chatwoot -- chatwoot
  Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.
  Published: 2022-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-2901 (MISC, CONFIRM)

cotonti -- siena
  Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39839 (MISC)

cotonti -- siena
  Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39840 (MISC)
databasir -- databasir
  Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attacker to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-31196 (MISC, CONFIRM, MISC)

dell -- multiple_products
  Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-34382 (MISC)

dell -- powerscale_onefs
  Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-34371 (MISC)

dell -- powerscale_onefs
  Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-34369 (MISC)

dell -- powerscale_onefs
  Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-34378 (MISC)

discourse -- discourse
  Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-37458 (MISC, MISC, MISC)

dokuwiki -- dokuwiki
  Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-3123 (MISC, CONFIRM)

drakkan -- sftpgo
  SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36071 (MISC, CONFIRM)

drawio -- drawio
  Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-3127 (CONFIRM, MISC)

drawio -- drawio
  Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-3065 (CONFIRM, MISC)
gagliardetto -- binary
  Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36078 (CONFIRM, MISC, MISC)

garage_management_system -- garage_management_system
  An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36638 (MISC, MISC)

garage_management_system -- garage_management_system
  Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36636 (MISC, MISC)

garage_management_system -- garage_management_system
  Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36637 (MISC, MISC)

garage_management_system -- garage_management_system
  A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36639 (MISC, MISC)

geonetwork -- geonetwork
  A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28398 (MISC, CONFIRM, MISC, MISC)

grafana -- grafana_image_renderer
  Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-31176 (CONFIRM, MISC)

hitachi -- raid_manager_storage_replicationadapter
  OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
  Published: 2022-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-34883 (MISC)

hitachi -- raid_manager_storage_replicationadapter
  Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
  Published: 2022-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-34882 (MISC)

ibm -- 123elf_lotus_1-2-3
  123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39843 (MISC, MISC)

kkfileview -- kkfileview
  kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36593 (MISC)

libdwarf -- libdwarf
  libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39170 (MISC, MISC)

libvnclient -- libvnclient
  libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-29260 (MISC)

linux -- bluez
  BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39177 (MISC, MISC)

linux -- bluez
  BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39176 (MISC, MISC)
linux -- linux_kernel
  An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39189 (MISC, MISC, MISC, MISC)

linux -- linux_kernel
  An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39190 (MISC, MISC, MISC, MISC)

linux -- linux_kernel
  An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39842 (MISC, MISC)

linux -- linux_kernel
  An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39188 (MISC, MISC, MISC, MISC, MISC)

mediawiki -- mediawiki
  An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39194 (MISC)

modsecurity -- owasp-modsecurity-crs
  Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-22669 (CONFIRM, MISC)

mybatis -- mapper
  Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36594 (MISC)

nodebb -- nodebb
  NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36076 (MISC, CONFIRM, MISC)

online_food_ordering_system -- online_food_ordering_system
  Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36759 (MISC)

otrs_ag -- otrs
  An attacker might be able to execute malicious Perl code in the Template toolkit by having the admin install an unverified third-party package.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39051 (CONFIRM)

otrs_ag -- otrs
  An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies to the usage of external data sources, e.g. database or ldap.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39050 (CONFIRM)

otrs_ag -- otrs
  An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39049 (CONFIRM)

pfsense -- pfblockerng
  pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-31814 (MISC, MISC)

pkuvcl -- pkuvcl_davs2
  PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-36647 (MISC)

prestashop -- prestashop
  This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-35933 (CONFIRM, MISC)

pspp -- pspp
  An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39832 (MISC)

pspp -- pspp
  An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39831 (MISC)

publiccms -- publiccms
  Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-27693 (MISC, MISC)
qualcomm -- snapdragon
  Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25680 (CONFIRM)

qualcomm -- snapdragon
  Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22069 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22096 (CONFIRM)

qualcomm -- snapdragon
  Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35122 (CONFIRM)

qualcomm -- snapdragon
  Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22080 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22070 (CONFIRM)

qualcomm -- snapdragon
  Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22067 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22099 (CONFIRM)

qualcomm -- snapdragon
  An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22062 (CONFIRM)

qualcomm -- snapdragon
  Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22061 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22059 (CONFIRM)

qualcomm -- snapdragon
  Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35108 (CONFIRM)

qualcomm -- snapdragon
  Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35097 (CONFIRM)

qualcomm -- snapdragon
  Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35132 (CONFIRM)

qualcomm -- snapdragon
  Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35133 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22097 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22098 (CONFIRM)

qualcomm -- snapdragon
  A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35135 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25657 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25668 (CONFIRM)

qualcomm -- snapdragon
  Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35134 (CONFIRM)

qualcomm -- snapdragon
  Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22101 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22102 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25659 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22104 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22106 (CONFIRM)

qualcomm -- snapdragon
  Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35113 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-25658 (CONFIRM)

qualcomm -- snapdragon
  Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-22100 (CONFIRM)

qualcomm -- snapdragon
  Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile
  Published: 2022-09-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-35109 (CONFIRM)
rosariosis -- rosariosis
  Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
  Published: 2022-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-2714 (CONFIRM, MISC)

samsung -- mtower
  sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39830 (MISC, MISC, MISC)

samsung -- mtower
  There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39829 (MISC, MISC, MISC)

samsung -- mtower
  sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-39828 (MISC, MISC, MISC)

snakeyaml -- snakeyaml
  Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38749 (MISC, MISC)

snakeyaml -- snakeyaml
  Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38750 (MISC, MISC)

snakeyaml -- snakeyaml
  Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38751 (MISC, MISC)

snakeyaml -- snakeyaml
  Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-38752 (MISC, MISC)

sourcecodehero -- sourcecodehero_erp_system_project
  A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.
  Published: 2022-09-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-3118 (MISC, MISC)

sourcecodester -- clinics_patient_management_system
  A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-3122 (MISC, MISC)

sourcecodester -- clinics_patient_management_system
  A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847.
  Published: 2022-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2022-3120
MISC
MISC
sourcecodester -- clinic’s_patient_management_systemClinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php.2022-09-02not yet calculatedCVE-2022-36609
MISC
sourcecodester -- expense_management_systemExpense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.2022-09-02not yet calculatedCVE-2022-36754
MISC
sourcecodester -- online_employee_leave_management_systemA vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability.2022-09-05not yet calculatedCVE-2022-3121
MISC
synapse -- synapse
 
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.2022-09-02not yet calculatedCVE-2022-31152
MISC
MISC
MISC
CONFIRM
systematic_fix_adapter -- systematic_fix_adapterSystematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.2022-09-05not yet calculatedCVE-2022-39838
MISC
MISC
MISC
telos_alliance -- omnia_mpx_node
 
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.2022-09-02not yet calculatedCVE-2022-36642
MISC
MISC
MISC
MISC
tinygltf -- tinygltf
 
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c7512022-09-05not yet calculatedCVE-2022-3008
CONFIRM
CONFIRM
CONFIRM
CONFIRM
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0360.2022-09-03not yet calculatedCVE-2022-3099
CONFIRM
MISC
wolfssl -- wolfsslwolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.2022-09-02not yet calculatedCVE-2021-44718
MISC
MISC
wordpress -- wordpressThe Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.2022-09-05not yet calculatedCVE-2022-2083
MISC
MISC
wordpress -- wordpressThe WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)2022-09-05not yet calculatedCVE-2022-2271
MISC
wordpress -- wordpressThe Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users2022-09-05not yet calculatedCVE-2022-2376
MISC
wordpress -- wordpressThe Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts2022-09-05not yet calculatedCVE-2022-2543
MISC
wordpress -- wordpressThe Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins2022-09-05not yet calculatedCVE-2022-2565
MISC
wordpress -- wordpressThe Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts2022-09-05not yet calculatedCVE-2022-2597
MISC
wordpress -- wordpressThe Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF2022-09-05not yet calculatedCVE-2022-2657
MISC
wordpress -- wordpressThe Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-09-05not yet calculatedCVE-2022-2775
MISC
zyxel -- nas326
 
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.2022-09-06not yet calculatedCVE-2022-34747
CONFIRM
