Vulnerability Summary for the Week of September 26, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acer -- altos_t110_f3 | There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir. | 2022-09-23 | 7.8 | CVE-2022-30426 MISC MISC MISC |
advantech -- iview | An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | 2022-09-27 | 7.5 | CVE-2022-3323 MISC |
apache -- pinot | In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 | 2022-09-23 | 9.8 | CVE-2022-26112 CONFIRM |
apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. | 2022-09-23 | 7.1 | CVE-2020-36521 MISC MISC MISC MISC MISC MISC |
apple -- iphone_os | A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32814 MISC MISC MISC MISC |
apple -- iphone_os | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. | 2022-09-23 | 8.8 | CVE-2022-26700 MISC MISC MISC MISC MISC |
apple -- iphone_os | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22624 MISC MISC MISC MISC |
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges. | 2022-09-23 | 7.8 | CVE-2022-32842 MISC MISC |
apple -- macos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32796 MISC |
apple -- macos | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. | 2022-09-23 | 7.8 | CVE-2022-32826 MISC MISC MISC MISC MISC MISC |
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges. | 2022-09-23 | 7.8 | CVE-2022-32798 MISC |
apple -- macos | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. | 2022-09-23 | 7.8 | CVE-2022-32819 MISC MISC MISC MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges. | 2022-09-23 | 7.8 | CVE-2022-32801 MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32829 MISC MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32815 MISC MISC MISC MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox. | 2022-09-23 | 10 | CVE-2022-32845 MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. | 2022-09-23 | 7.5 | CVE-2022-32790 MISC MISC MISC MISC MISC MISC |
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-32792 MISC MISC MISC MISC MISC |
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32820 MISC MISC MISC MISC MISC MISC |
apple -- macos | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32821 MISC MISC MISC MISC |
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32852 MISC |
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32851 MISC MISC MISC |
apple -- macos | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32831 MISC MISC MISC |
apple -- macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32843 MISC MISC MISC |
apple -- macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22629 MISC MISC MISC MISC MISC MISC |
apple -- macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-32787 MISC MISC MISC MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32797 MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | 2022-09-23 | 9.1 | CVE-2022-32847 MISC MISC MISC MISC MISC MISC |
apple -- macos | This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files. | 2022-09-23 | 7.1 | CVE-2022-32807 MISC MISC MISC |
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32853 MISC MISC MISC |
apple -- swiftnio | NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace. | 2022-09-28 | 7.5 | CVE-2022-3215 MISC |
apple -- tvos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution. | 2022-09-23 | 8.8 | CVE-2022-22610 MISC MISC MISC MISC MISC |
apple -- tvos | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. | 2022-09-23 | 8.8 | CVE-2022-22637 MISC MISC MISC MISC MISC |
apple -- tvos | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22628 MISC MISC MISC MISC MISC |
arvados -- arvados | Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. Workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP. | 2022-09-23 | 8.8 | CVE-2022-39238 CONFIRM |
b2evolution -- b2evolution | An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well. | 2022-09-28 | 9.1 | CVE-2022-30935 MISC MISC MISC |
centreon -- centreon | Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | 2022-09-26 | 8.8 | CVE-2022-40043 MISC MISC |
checkpoint -- zonealarm | Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM. | 2022-09-27 | 8.8 | CVE-2022-41604 MISC MISC MISC |
cloudbase -- open_vswitch | In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | 2022-09-28 | 8.8 | CVE-2022-32166 MISC MISC |
cloudwego -- hertz | Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. | 2022-09-28 | 7.5 | CVE-2022-40082 MISC MISC |
dell -- smartfabric_os10 | Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. | 2022-09-28 | 7.5 | CVE-2022-34424 MISC |
denx -- u-boot | There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer. | 2022-09-23 | 7.1 | CVE-2022-2347 MISC |
dompdf -- dompdf | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 2022-09-25 | 7.5 | CVE-2022-41343 MISC MISC MISC |
ec-cube -- product_image_bulk_upload | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system. | 2022-09-27 | 9.8 | CVE-2022-37346 MISC MISC |
exam_reviewer_management -- exam_reviewer_management | In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). | 2022-09-27 | 8.8 | CVE-2022-40878 MISC |
exam_reviewer_management -- exam_reviewer_management | Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | 2022-09-27 | 9.8 | CVE-2022-40877 MISC |
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | 2022-09-27 | 9.8 | CVE-2022-41571 MISC |
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | 2022-09-27 | 9.8 | CVE-2022-41570 MISC |
ffmpeg -- ffmpeg | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | 2022-09-23 | 7.8 | CVE-2022-2566 MISC |
flatpress -- flatpress | Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | 2022-09-29 | 7.2 | CVE-2022-40048 MISC MISC |
food_ordering_management_system -- food_ordering_management_system | A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583. | 2022-09-28 | 9.8 | CVE-2022-3332 MISC MISC |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands. | 2022-09-28 | 9.8 | CVE-2022-28811 CONFIRM |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device. | 2022-09-28 | 9.8 | CVE-2022-28812 CONFIRM |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. | 2022-09-28 | 9.8 | CVE-2022-22522 CONFIRM |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API. | 2022-09-28 | 9.8 | CVE-2022-22526 CONFIRM |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services . | 2022-09-28 | 9.4 | CVE-2022-22524 CONFIRM |
gavazziautomation -- cpy_car_park_server | An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled. | 2022-09-28 | 7.5 | CVE-2022-22523 CONFIRM |
gavazziautomation -- cpy_car_park_server | Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. | 2022-09-28 | 9.8 | CVE-2022-28814 CONFIRM |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function | 2022-09-28 | 7.2 | CVE-2022-22525 CONFIRM |
google -- chrome | Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3045 MISC MISC GENTOO FEDORA |
google -- chrome | Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3195 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3199 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3049 MISC MISC GENTOO FEDORA |
google -- chrome | Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | 2022-09-26 | 8.8 | CVE-2022-3051 MISC MISC GENTOO FEDORA |
google -- chrome | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3043 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3042 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3046 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2022-09-26 | 8.8 | CVE-2022-3197 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3040 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3055 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2022-09-26 | 8.8 | CVE-2022-3196 MISC MISC GENTOO FEDORA |
google -- chrome | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | 2022-09-26 | 8.8 | CVE-2022-3052 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | 2022-09-26 | 8.8 | CVE-2022-3058 MISC MISC GENTOO FEDORA |
google -- chrome | Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | 2022-09-26 | 8.8 | CVE-2022-3050 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2998 MISC MISC |
google -- chrome | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3200 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2852 MISC MISC FEDORA |
google -- chrome | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2022-09-26 | 8.8 | CVE-2022-3198 MISC MISC GENTOO FEDORA |
google -- chrome | Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2853 MISC MISC FEDORA |
google -- chrome | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3039 MISC MISC GENTOO FEDORA |
google -- chrome | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2022-09-26 | 9.6 | CVE-2022-3075 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. | 2022-09-26 | 8.8 | CVE-2022-2859 MISC MISC FEDORA |
google -- chrome | Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-29 | 7.5 | CVE-2019-5797 MISC MISC |
google -- chrome | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3038 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3041 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2854 MISC MISC FEDORA |
google -- chrome | Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2855 MISC MISC FEDORA |
google -- chrome | Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2857 MISC MISC FEDORA |
google -- chrome | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | 2022-09-26 | 8.8 | CVE-2022-3071 MISC MISC GENTOO FEDORA |
google -- chrome | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | 2022-09-26 | 8.8 | CVE-2022-2858 MISC MISC FEDORA |
grandstream -- gds3710 | an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access. | 2022-09-23 | 9.8 | CVE-2022-2025 CONFIRM |
grandstream -- gds3710 | In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default. | 2022-09-23 | 9.8 | CVE-2022-2070 CONFIRM |
graphicsmagick -- graphicsmagick | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | 2022-09-28 | 7.8 | CVE-2022-1270 MISC GENTOO |
hapijs -- hoek | hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. | 2022-09-23 | 8.1 | CVE-2020-36604 MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017. | 2022-09-23 | 7.1 | CVE-2022-34348 CONFIRM XF |
ibm -- websphere_mq | IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager. | 2022-09-29 | 7.5 | CVE-2012-2201 XF |
ikus-soft -- rdiffweb | Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. | 2022-09-23 | 9.8 | CVE-2022-3269 CONFIRM MISC |
ikus-soft -- rdiffweb | Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3290 CONFIRM MISC |
ikus-soft -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3295 CONFIRM MISC |
ikus-soft -- rdiffweb | Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3272 MISC CONFIRM |
ikus-soft -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3298 CONFIRM MISC |
insyde -- insydeh2o | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI. | 2022-09-23 | 8.2 | CVE-2022-36338 MISC MISC MISC |
insyde -- insydeh2o | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. | 2022-09-28 | 8.2 | CVE-2022-36448 MISC MISC MISC |
insyde -- insydeh2o | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 2022-09-23 | 8.2 | CVE-2022-35893 MISC MISC MISC |
jflyfox -- jfinal_cms | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | 2022-09-27 | 8.8 | CVE-2022-37209 MISC MISC |
joblib -- joblib | The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. | 2022-09-26 | 9.8 | CVE-2022-21797 CONFIRM CONFIRM CONFIRM CONFIRM |
kovidgoyal -- kitty | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. | 2022-09-23 | 7.8 | CVE-2022-41322 MISC MISC MISC MISC GENTOO FEDORA FEDORA |
labstack -- echo | Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | 2022-09-28 | 9.6 | CVE-2022-40083 MISC |
lcnet -- smart_evision | Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service. | 2022-09-28 | 8.8 | CVE-2022-39032 MISC |
lcnet -- smart_evision | smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information. | 2022-09-28 | 7.5 | CVE-2022-39030 MISC |
lcnet -- smart_evision | Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | 2022-09-28 | 9.8 | CVE-2022-39033 MISC |
linux -- linux | off-by-one in io_uring module. | 2022-09-26 | 7.8 | CVE-2022-3103 MISC |
linuxfoundation -- besu | Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution. | 2022-09-24 | 9.1 | CVE-2022-36025 CONFIRM |
linuxfoundation -- fabric | A vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack. | 2022-09-23 | 7.5 | CVE-2022-35253 MISC MISC MISC |
mailcow -- mailcow | mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server. | 2022-09-27 | 8.2 | CVE-2022-39258 MISC CONFIRM |
makedeb -- mist | Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | 2022-09-26 | 7.8 | CVE-2022-39245 CONFIRM MISC MISC |
matrix -- javascript_sdk | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39249 MISC CONFIRM MISC MISC MISC |
matrix -- javascript_sdk | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39251 MISC MISC MISC CONFIRM |
matrix -- software_development_kit | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39257 MISC CONFIRM MISC MISC |
matrix -- software_development_kit | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verifications methods until patched. | 2022-09-28 | 7.5 | CVE-2022-39255 MISC CONFIRM MISC MISC |
matrix -- software_development_kit | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39248 MISC MISC CONFIRM MISC |
measuresoft -- scadapro_server | The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | 2022-09-23 | 7.8 | CVE-2022-3263 CONFIRM |
metersphere -- metersphere | An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands. | 2022-09-29 | 9.8 | CVE-2021-45790 MISC |
metersphere -- metersphere | Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | 2022-09-29 | 8.8 | CVE-2021-45788 MISC |
mipcm -- mipc_camera | Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app. | 2022-09-26 | 8.8 | CVE-2022-40785 MISC |
mipcm -- mipc_camera | Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406. | 2022-09-26 | 8.8 | CVE-2022-40784 MISC |
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. | 2022-09-23 | 9.8 | CVE-2022-2972 MISC |
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. | 2022-09-23 | 7.5 | CVE-2022-2971 MISC |
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. | 2022-09-23 | 9.8 | CVE-2022-2970 MISC |
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server. | 2022-09-23 | 7.5 | CVE-2022-2973 MISC |
nepxion -- discovery | Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds. | 2022-09-24 | 9.8 | CVE-2022-23463 MISC |
nepxion -- discovery | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds. | 2022-09-24 | 7.5 | CVE-2022-23464 MISC |
next-auth -- nextauth | `@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checking for the identifier when verifying the token in the email callback flow. An attacker who knows about the victim's email could easily sign in as the victim, given the attacker also knows about the verification token's expired duration. The vulnerability is patched in v3.0.2. A workaround is available. Using Advanced Initialization, developers can check the requests and compare the query's token and identifier before proceeding. | 2022-09-28 | 8.1 | CVE-2022-39263 CONFIRM MISC |
nic -- knot_resolver | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | 2022-09-23 | 7.5 | CVE-2022-40188 CONFIRM FEDORA FEDORA FEDORA |
nlnetlabs -- unbound | A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records. | 2022-09-26 | 7.5 | CVE-2022-3204 CONFIRM FEDORA |
notepad-plus-plus -- notepad-plus-plus | Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | 2022-09-28 | 7.8 | CVE-2022-32168 CONFIRM MISC |
nuprocess -- nuprocess | NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. Version 2.0.5 contains a patch. As a workaround, users of the library can sanitize command strings to remove NUL characters prior to passing them to NuProcess for execution. | 2022-09-26 | 9.8 | CVE-2022-39243 MISC CONFIRM MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. | 2022-09-23 | 9.8 | CVE-2022-40118 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. | 2022-09-23 | 9.8 | CVE-2022-40115 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. | 2022-09-23 | 9.8 | CVE-2022-40116 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. | 2022-09-23 | 9.8 | CVE-2022-40120 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. | 2022-09-23 | 9.8 | CVE-2022-40114 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. | 2022-09-23 | 9.8 | CVE-2022-40119 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. | 2022-09-23 | 9.8 | CVE-2022-40117 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. | 2022-09-23 | 9.8 | CVE-2022-40121 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. | 2022-09-23 | 9.8 | CVE-2022-40122 MISC MISC |
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. | 2022-09-23 | 9.8 | CVE-2022-40113 MISC MISC |
online_leave_management_system -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. | 2022-09-26 | 7.2 | CVE-2022-40928 MISC |
online_leave_management_system -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. | 2022-09-26 | 7.2 | CVE-2022-40927 MISC |
online_leave_management_system -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. | 2022-09-26 | 7.2 | CVE-2022-40926 MISC |
online_market_place_site -- online_market_place_site | Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection.. | 2022-09-26 | 9.8 | CVE-2022-30004 MISC MISC |
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. | 2022-09-26 | 7.2 | CVE-2022-40097 MISC |
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. | 2022-09-26 | 7.2 | CVE-2022-40099 MISC |
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | 2022-09-27 | 7.2 | CVE-2022-40354 MISC |
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. | 2022-09-27 | 7.2 | CVE-2022-40353 MISC |
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. | 2022-09-26 | 7.2 | CVE-2022-40098 MISC |
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | 2022-09-27 | 7.2 | CVE-2022-40352 MISC |
open5gs -- open5gs | A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability. | 2022-09-28 | 7.5 | CVE-2022-3354 MISC MISC |
orckestra -- c1_cms | Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds. | 2022-09-27 | 8 | CVE-2022-39256 MISC MISC CONFIRM |
pbc -- pbc | An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137. | 2022-09-23 | 7.5 | CVE-2022-38936 MISC |
python-jwt -- python-jwt | python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds. | 2022-09-23 | 9.1 | CVE-2022-39227 MISC CONFIRM MISC |
qualcomm -- apq8009 | Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-26 | 7.8 | CVE-2022-22058 CONFIRM |
realtek -- rtl8195am | On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task can be locked when there are frequent and continuous Wi-Fi connection failures for the Soft AP mode. | 2022-09-27 | 7.5 | CVE-2022-34326 MISC MISC |
redis -- redis | Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. | 2022-09-23 | 9.8 | CVE-2022-35951 CONFIRM FEDORA GENTOO |
resumes_management_and_job_application_website_application -- resumes_management_and_job_application_website_application | SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | 2022-09-27 | 9.8 | CVE-2021-41433 MISC MISC |
rocket.chat -- rocket.chat | A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. | 2022-09-23 | 8.8 | CVE-2022-35248 MISC |
rocket.chat -- rocket.chat | A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. | 2022-09-23 | 8.8 | CVE-2022-32211 MISC |
rockwellautomation -- thinmanager | Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. | 2022-09-23 | 9.8 | CVE-2022-38742 MISC |
samsung -- tizenrt | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). | 2022-09-29 | 7.5 | CVE-2022-40279 MISC MISC MISC |
samsung -- tizenrt | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. | 2022-09-29 | 7.5 | CVE-2022-40278 MISC MISC MISC MISC |
scala-lang -- scala | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. | 2022-09-23 | 9.8 | CVE-2022-36944 MISC MISC |
secp256k1-js_project -- secp256k1-js | The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. | 2022-09-24 | 7.5 | CVE-2022-41340 MISC MISC MISC MISC |
sophos -- firewall | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 2022-09-23 | 9.8 | CVE-2022-3236 CONFIRM |
strapi -- strapi | Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | 2022-09-27 | 8.8 | CVE-2022-31367 MISC MISC MISC |
symfony -- twig | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. | 2022-09-28 | 7.5 | CVE-2022-39261 MISC CONFIRM CONFIRM |
tacitine -- en6200-prime_quad-35 | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform session fixation on the targeted device. | 2022-09-23 | 9.8 | CVE-2022-40630 MISC MISC |
tacitine -- en6200-prime_quad-35 | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device. | 2022-09-23 | 9.8 | CVE-2022-40628 MISC MISC |
tacitine -- en6200-prime_quad-35 | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device. | 2022-09-23 | 7.5 | CVE-2022-40629 MISC MISC |
tenda -- ac18 | Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/ | 2022-09-23 | 7.2 | CVE-2022-40861 MISC |
tenda -- ac18 | Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set | 2022-09-23 | 9.8 | CVE-2022-40854 MISC |
tenda -- i9 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40106 MISC |
tenda -- i9 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40107 MISC |
tenda -- i9 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40105 MISC |
tenda -- i9 | Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | 2022-09-23 | 9.8 | CVE-2022-40100 MISC |
tenda -- i9 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40102 MISC |
tenda -- i9 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40101 MISC |
tenda -- i9 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40104 MISC |
tenda -- tx3 | Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. | 2022-09-28 | 9.8 | CVE-2022-40942 MISC |
tenda -- w20e | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ | 2022-09-23 | 9.8 | CVE-2022-40866 MISC |
tenda -- w20e | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ | 2022-09-23 | 9.8 | CVE-2022-40867 MISC |
tenda -- w20e | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ | 2022-09-23 | 9.8 | CVE-2022-40868 MISC |
tenda -- w20e | Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | 2022-09-23 | 9.8 | CVE-2022-40855 MISC |
toaruos -- toaruos | readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. | 2022-09-27 | 7.8 | CVE-2022-38932 MISC |
tp-link -- archer_ax10_v1 | TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. | 2022-09-28 | 8.8 | CVE-2022-40486 MISC MISC MISC |
trendmicro -- deep_security | A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-09-28 | 7.8 | CVE-2022-40710 N/A N/A |
trudesk_project -- trudesk | The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service. | 2022-09-29 | 7.5 | CVE-2022-1718 CONFIRM MISC |
ui -- desktop | A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. | 2022-09-23 | 7.8 | CVE-2022-35257 MISC |
vim -- vim | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | 2022-09-29 | 7.8 | CVE-2022-3352 CONFIRM MISC |
vim -- vim | Use After Free in GitHub repository vim/vim prior to 9.0.0579. | 2022-09-25 | 7.8 | CVE-2022-3297 MISC CONFIRM |
vim -- vim | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | 2022-09-25 | 7.8 | CVE-2022-3296 MISC CONFIRM |
vim -- vim | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. | 2022-09-27 | 7.8 | CVE-2022-3324 CONFIRM MISC |
wayland -- wayland | An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. | 2022-09-23 | 9.8 | CVE-2021-3782 MISC |
wazuh -- wazuh | Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | 2022-09-28 | 8.8 | CVE-2022-40497 MISC |
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. | 2022-09-26 | 9.8 | CVE-2022-40483 MISC |
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. | 2022-09-26 | 9.8 | CVE-2022-40485 MISC |
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. | 2022-09-26 | 7.2 | CVE-2022-40403 MISC |
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. | 2022-09-26 | 9.8 | CVE-2022-40484 MISC |
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. | 2022-09-26 | 8.8 | CVE-2022-40402 MISC |
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. | 2022-09-26 | 8.8 | CVE-2022-40404 MISC |
wordpress -- wordpress | The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file | 2022-09-26 | 8.8 | CVE-2021-24890 MISC CONFIRM |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38085 CONFIRM CONFIRM |
wordpress -- wordpress | Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38134 CONFIRM CONFIRM |
wordpress -- wordpress | The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. | 2022-09-26 | 7.2 | CVE-2022-2352 MISC |
wordpress -- wordpress | The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-09-26 | 7.2 | CVE-2022-2903 MISC |
wordpress -- wordpress | The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication | 2022-09-26 | 7.5 | CVE-2022-2987 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38079 CONFIRM CONFIRM |
wordpress -- wordpress | The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example. | 2022-09-26 | 7.2 | CVE-2022-3076 MISC |
wordpress -- wordpress | Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress | 2022-09-23 | 7.5 | CVE-2022-40194 CONFIRM CONFIRM |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38454 CONFIRM CONFIRM |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38470 CONFIRM CONFIRM |
wordpress -- wordpress | The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address | 2022-09-26 | 7.5 | CVE-2022-3119 MISC |
xpdfreader -- xpdf | There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | 2022-09-29 | 7.8 | CVE-2022-38222 MISC |
xuxueli -- xxl-job | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | 2022-09-28 | 9.8 | CVE-2022-40929 MISC |
zfile -- zfile | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | 2022-09-26 | 9.8 | CVE-2022-40050 MISC |
zimbra -- collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. | 2022-09-26 | 7.8 | CVE-2022-41347 MISC MISC MISC MISC |
zimbra -- collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio. | 2022-09-26 | 9.8 | CVE-2022-41352 MISC MISC MISC |
zoo_management_system -- zoo_management_system | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. | 2022-09-26 | 7.2 | CVE-2022-40925 MISC |
zoo_management_system -- zoo_management_system | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | 2022-09-26 | 7.2 | CVE-2022-40924 MISC |
zte -- zxa10_b76hv3 | There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. | 2022-09-23 | 9.1 | CVE-2022-23144 MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | 2022-09-29 | 9.8 | CVE-2020-15331 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | 2022-09-29 | 7.5 | CVE-2020-15340 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | 2022-09-29 | 7.5 | CVE-2020-15341 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | 2022-09-29 | 9.8 | CVE-2020-15347 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | 2022-09-29 | 9.8 | CVE-2020-15332 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | 2022-09-29 | 7.5 | CVE-2020-15327 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10up -- restricted_site_access | The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | 2022-09-26 | 5.3 | CVE-2022-1613 MISC |
3d_tag_cloud_project -- 3d_tag_cloud | Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. | 2022-09-23 | 6.1 | CVE-2022-36417 CONFIRM CONFIRM |
add_shortcodes_actions_and_filters_project -- add_shortcodes_actions_and_filters | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress. | 2022-09-23 | 4.8 | CVE-2022-37342 CONFIRM CONFIRM |
adobe -- download_manager | The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory | 2022-09-26 | 4.9 | CVE-2022-2926 MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 2022-09-23 | 5.4 | CVE-2022-38438 MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 2022-09-23 | 5.4 | CVE-2022-38439 MISC |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 2022-09-30 | 5.4 | CVE-2022-28851 MISC |
ajaxplorer -- ajaxplorer | An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload. | 2022-09-23 | 5.4 | CVE-2022-40358 MISC MISC |
algolplus -- advanced_dynamic_pricing_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. | 2022-09-23 | 4.3 | CVE-2022-38095 CONFIRM CONFIRM |
amazon -- fhir-works-on-aws-authz-smart | fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue. | 2022-09-23 | 6.5 | CVE-2022-39230 CONFIRM |
apache -- pulsar | TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability is for both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | 2022-09-23 | 5.9 | CVE-2022-33682 MISC |
apache -- pulsar | Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying the server’s TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client’s authentication data. The client eventually closes the connection when it verifies the hostname and identifies the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | 2022-09-23 | 5.9 | CVE-2022-33681 MISC |
apache -- pulsar | Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. This issue affects Apache Pulsar Broker and Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | 2022-09-23 | 5.9 | CVE-2022-33683 MISC |
apache -- tomcat | The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. | 2022-09-28 | 5.3 | CVE-2021-43980 MISC MLIST |
apasionados -- export_post_info | Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | 2022-09-23 | 5.7 | CVE-2022-38061 CONFIRM CONFIRM |
apple -- macos | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-32823 MISC MISC MISC MISC MISC MISC |
apple -- macos | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. | 2022-09-23 | 4.4 | CVE-2022-32781 MISC MISC MISC MISC |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences. | 2022-09-23 | 5.5 | CVE-2022-32789 MISC |
apple -- macos | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information. | 2022-09-23 | 4.4 | CVE-2022-32782 MISC |
apple -- macos | An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system. | 2022-09-23 | 5.5 | CVE-2022-32786 MISC MISC MISC |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth. | 2022-09-23 | 5.5 | CVE-2022-32783 MISC |
apple -- macos | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information. | 2022-09-23 | 5.9 | CVE-2022-32799 MISC MISC |
apple -- macos | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | 2022-09-23 | 5.5 | CVE-2022-32817 MISC MISC MISC MISC |
apple -- macos | The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-32805 MISC MISC MISC |
apple -- macos | A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service. | 2022-09-23 | 5.5 | CVE-2022-32785 MISC MISC MISC MISC |
apple -- macos | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-32849 MISC MISC MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system. | 2022-09-23 | 5.5 | CVE-2022-32800 MISC MISC MISC |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user’s screen. | 2022-09-23 | 5.5 | CVE-2022-32848 MISC MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. | 2022-09-23 | 5.5 | CVE-2022-32818 MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory. | 2022-09-23 | 5.5 | CVE-2022-32841 MISC MISC MISC MISC |
apple -- macos | An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-26707 MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 6.7 | CVE-2022-32832 MISC MISC MISC MISC MISC MISC |
apple -- macos | The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. | 2022-09-23 | 6.5 | CVE-2022-32816 MISC MISC MISC MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | 2022-09-23 | 5.5 | CVE-2022-32825 MISC MISC MISC MISC MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | 2022-09-23 | 5.5 | CVE-2022-32828 MISC MISC MISC |
asus -- armoury_crate_service | Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system. | 2022-09-28 | 5.9 | CVE-2022-38699 MISC |
asus -- rt-ax88u_firmware | An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | 2022-09-26 | 6.5 | CVE-2021-41437 MISC CONFIRM |
bitcoin\/altcoin_faucet_project -- bitcoin\/altcoin_faucet | The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | 2022-09-26 | 5.4 | CVE-2022-3025 MISC |
blazzdev -- rate_my_post_-_wp_rating_system | Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress. | 2022-09-23 | 4.3 | CVE-2022-40671 CONFIRM CONFIRM |
blossomthemes -- blossom_recipe_maker | Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-37338 CONFIRM CONFIRM |
bytebase -- bytebase | The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”. | 2022-09-28 | 4.3 | CVE-2022-32170 MISC MISC |
bytebase -- bytebase | The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”. | 2022-09-28 | 4.3 | CVE-2022-32169 MISC MISC |
castos -- seriously_simple_podcasting | Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. | 2022-09-23 | 4.3 | CVE-2022-40132 CONFIRM CONFIRM |
centreon -- centreon | Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | 2022-09-26 | 5.4 | CVE-2022-40044 MISC MISC |
clogica -- seo_redirection | Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. | 2022-09-23 | 4.3 | CVE-2022-38704 CONFIRM CONFIRM |
connectwise -- connectwise | WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a brute force on the session code in order to get in. Sensitive data about the company , get in a session. | 2022-09-28 | 5.3 | CVE-2022-36781 MISC |
cowell_enterprise_travel_management_system_project -- cowell_enterprise_travel_management_system | Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | 2022-09-28 | 6.1 | CVE-2022-39054 MISC |
creativeitem -- academy_learning_management_system | Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | 2022-09-26 | 6.1 | CVE-2022-38553 MISC MISC MISC MISC MISC |
dell -- smartfabric_os10 | Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | 2022-09-28 | 4.9 | CVE-2022-29089 MISC |
ec-cube -- ec-cube | DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page. | 2022-09-27 | 5.4 | CVE-2022-38975 MISC MISC |
elastic -- elastic_cloud_enterprise | A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | 2022-09-28 | 5.3 | CVE-2022-23716 MISC MISC |
etaplighting -- etap_safety_manager | ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site. | 2022-09-28 | 6.1 | CVE-2022-40912 MISC |
expense_management_system_project -- expense_management_system | A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php. | 2022-09-28 | 5.4 | CVE-2021-41434 MISC MISC |
express_xss_sanitizer_project -- express_xss_sanitizer | The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization. | 2022-09-26 | 6.1 | CVE-2022-21169 CONFIRM CONFIRM CONFIRM CONFIRM |
f-secure -- internet_gatekeeper | A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine | 2022-09-23 | 5.5 | CVE-2022-28886 MISC MISC |
fullworksplugins -- meet_my_team | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-37339 CONFIRM CONFIRM |
fusionpbx -- fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory). | 2022-09-29 | 6.5 | CVE-2021-43403 MISC |
fwupd -- fwupd | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | 2022-09-28 | 6.5 | CVE-2022-3287 MISC |
gajim -- gajim | An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0. | 2022-09-27 | 5.3 | CVE-2022-39835 MISC MISC |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service. | 2022-09-28 | 6.1 | CVE-2022-28816 CONFIRM |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device. | 2022-09-28 | 5.3 | CVE-2022-28813 CONFIRM |
glfusion -- glfusion | glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response. | 2022-09-29 | 6.1 | CVE-2021-45843 MISC |
google -- chrome | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3044 MISC MISC GENTOO FEDORA |
google -- chrome | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. | 2022-09-26 | 5.4 | CVE-2022-3201 MISC MISC GENTOO DEBIAN FEDORA |
google -- chrome | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | 2022-09-26 | 6.8 | CVE-2022-3048 MISC MISC GENTOO FEDORA |
google -- chrome | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3056 MISC MISC GENTOO FEDORA |
google -- chrome | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2856 MISC MISC FEDORA |
google -- chrome | Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3047 MISC MISC GENTOO FEDORA |
google -- chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3054 MISC MISC GENTOO FEDORA |
google -- chrome | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2860 MISC MISC FEDORA |
google -- chrome | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2861 MISC MISC FEDORA |
google -- chrome | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3057 MISC MISC GENTOO FEDORA |
google -- chrome | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. | 2022-09-26 | 4.3 | CVE-2022-3053 MISC MISC GENTOO FEDORA |
gunkastudios -- login_block_ips | The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-09-26 | 4.3 | CVE-2022-3098 MISC |
hashicorp -- consul | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2." | 2022-09-23 | 6.5 | CVE-2022-40716 MISC MISC |
heimavista -- dark_horse_rpage | Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | 2022-09-28 | 6.1 | CVE-2022-39053 MISC |
hitach -- vantara | A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | 2022-09-26 | 4.9 | CVE-2021-28052 MISC MISC |
ibm -- application_gateway | IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965. | 2022-09-28 | 5.4 | CVE-2022-22387 XF CONFIRM |
ibm -- common_cryptographic_architecture | IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596. | 2022-09-23 | 5.5 | CVE-2022-22423 XF CONFIRM |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586. | 2022-09-23 | 5.4 | CVE-2022-40748 XF CONFIRM |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system. | 2022-09-29 | 6.5 | CVE-2012-4818 MISC XF |
ibm -- java_sdk | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 2022-09-29 | 5.5 | CVE-2015-1931 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
ibm -- jazz_for_service_management | IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. | 2022-09-28 | 5.4 | CVE-2022-35722 CONFIRM XF |
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380. | 2022-09-23 | 5.4 | CVE-2022-35721 CONFIRM XF |
ibm -- qradar_user_behavior_analytics | IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791. | 2022-09-28 | 6.5 | CVE-2022-36771 XF CONFIRM |
ibm -- rational_asset_manager | IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. | 2022-09-29 | 4.3 | CVE-2011-4820 XF |
ibm -- rational_change | IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2022-09-29 | 6.1 | CVE-2012-2160 MISC XF |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. | 2022-09-28 | 6.5 | CVE-2022-35282 XF CONFIRM |
iegeek -- ig20_firmware | ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices. | 2022-09-26 | 6.5 | CVE-2022-38970 MISC |
ikus-soft -- rdiffweb | Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-28 | 4.6 | CVE-2022-3292 CONFIRM MISC |
inventree_project -- inventree | Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. | 2022-09-29 | 5.4 | CVE-2022-3355 CONFIRM MISC |
iris -- isams | ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application. | 2022-09-27 | 5.4 | CVE-2022-37028 MISC MISC |
ivanti -- endpoint_manager | The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system. | 2022-09-23 | 6.7 | CVE-2022-30121 MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable | 2022-09-23 | 5.3 | CVE-2022-40979 MISC |
kfm_project -- kfm | Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. | 2022-09-23 | 6.1 | CVE-2022-40359 MISC MISC |
lcnet -- smart_evision | Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information. | 2022-09-28 | 6.5 | CVE-2022-39029 MISC |
lcnet -- smart_evision | Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | 2022-09-28 | 6.5 | CVE-2022-39034 MISC |
lcnet -- smart_evision | Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only. | 2022-09-28 | 5.3 | CVE-2022-39031 MISC |
lcnet -- smart_evision | Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | 2022-09-28 | 5.4 | CVE-2022-39035 MISC |
linux -- linux_kernel | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition | 2022-09-27 | 4.7 | CVE-2022-3303 MISC MISC |
linux -- linux_kernel | There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c | 2022-09-23 | 5.5 | CVE-2022-2785 CONFIRM CONFIRM |
mailoptin -- mailoptin | Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. | 2022-09-23 | 5.3 | CVE-2022-36340 CONFIRM CONFIRM |
matrix -- javascript_sdk | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue. | 2022-09-28 | 5.3 | CVE-2022-39236 MISC MISC MISC CONFIRM |
matrix -- software_development_kit | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`. | 2022-09-28 | 5.3 | CVE-2022-39246 MISC CONFIRM MISC MISC |
mattermost -- mattermost_server | Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | 2022-09-23 | 6.5 | CVE-2022-3257 MISC MISC |
mediawiki -- mediawiki | An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript. | 2022-09-29 | 6.1 | CVE-2021-42046 MISC MISC MISC |
mediawiki -- mediawiki | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits. | 2022-09-29 | 4.8 | CVE-2021-42048 MISC MISC |
mediawiki -- mediawiki | An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions. | 2022-09-29 | 6.5 | CVE-2021-42049 MISC MISC |
mediawiki -- mediawiki | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback. | 2022-09-29 | 5.4 | CVE-2021-42047 MISC MISC |
metersphere -- metersphere | An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | 2022-09-29 | 6.5 | CVE-2021-45789 MISC |
mygraph_project -- mygraph | MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround. | 2022-09-24 | 5.4 | CVE-2022-39240 CONFIRM |
nheko_project -- nheko | nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu. | 2022-09-28 | 5.9 | CVE-2022-39264 CONFIRM MISC MISC FEDORA |
notice_board_project -- notice_board | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-38460 CONFIRM CONFIRM |
nuxtjs -- netlify-ipx | netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site. | 2022-09-23 | 5.4 | CVE-2022-39239 CONFIRM |
octopus -- octopus_server | In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | 2022-09-28 | 4.3 | CVE-2022-2760 MISC |
online_market_place_site_project -- online_market_place_site | Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields. | 2022-09-26 | 5.4 | CVE-2022-30003 MISC MISC |
ovirt -- ovirt-engine | An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages. | 2022-09-28 | 6.1 | CVE-2022-3193 MISC |
oxilab -- image_hover_effects_ultimate | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | 2022-09-23 | 5.4 | CVE-2022-2937 MISC MISC |
parity -- frontier | Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as a result inflate up the chain gas prices. The impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state. This issue has been patched in commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658. There are no known workarounds. | 2022-09-24 | 5.3 | CVE-2022-39242 MISC CONFIRM |
php -- php | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | 2022-09-28 | 6.5 | CVE-2022-31629 MISC |
php -- php | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | 2022-09-28 | 5.5 | CVE-2022-31628 MISC |
quantumcloud -- slider_hero | The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. | 2022-09-26 | 4.8 | CVE-2022-3074 MISC |
rocket.chat -- rocket.chat | A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | 2022-09-23 | 5.3 | CVE-2022-32217 MISC |
rocket.chat -- rocket.chat | An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). | 2022-09-23 | 6.8 | CVE-2022-30124 MISC |
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | 2022-09-23 | 4.3 | CVE-2022-32218 MISC |
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any user authenticated. | 2022-09-23 | 4.3 | CVE-2022-32219 MISC |
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | 2022-09-23 | 6.5 | CVE-2022-32220 MISC |
rocket.chat -- rocket.chat | An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a$regex query can be executed, bypassing the room access permission check for every but the first matching room. | 2022-09-23 | 4.3 | CVE-2022-32226 MISC |
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs. | 2022-09-23 | 4.3 | CVE-2022-32228 MISC |
rocket.chat -- rocket.chat | A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product. | 2022-09-23 | 6.5 | CVE-2022-32227 MISC |
rocket.chat -- rocket.chat | A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed. | 2022-09-23 | 5.4 | CVE-2022-35251 MISC |
rocket.chat -- rocket.chat | A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. | 2022-09-23 | 4.3 | CVE-2022-32229 MISC |
rocket.chat -- rocket.chat | A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. | 2022-09-23 | 4.3 | CVE-2022-35250 MISC |
rocket.chat -- rocket.chat | A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | 2022-09-23 | 4.3 | CVE-2022-35249 MISC |
rocket.chat -- rocket.chat | A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | 2022-09-23 | 4.3 | CVE-2022-35247 MISC |
rocket.chat -- rocket.chat | A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access. | 2022-09-23 | 4.3 | CVE-2022-35246 MISC |
seo_smart_links_project -- seo_smart_links | The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-09-26 | 4.8 | CVE-2022-3135 MISC |
simple_bitcoin_faucets_project -- simple_bitcoin_faucets | The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | 2022-09-26 | 5.4 | CVE-2022-3024 MISC |
simplefilelist -- simple-file-list | The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting | 2022-09-26 | 6.1 | CVE-2022-3062 MISC |
sony -- playstation_4_firmware | A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679. | 2022-09-28 | 6.8 | CVE-2022-3349 MISC MISC |
svg_support_wordpress -- svg_support | The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks | 2022-09-26 | 5.4 | CVE-2022-1755 MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc. | 2022-09-23 | 5.5 | CVE-2022-35099 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | 2022-09-23 | 5.5 | CVE-2022-35096 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc. | 2022-09-23 | 5.5 | CVE-2022-35097 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow() | 2022-09-23 | 5.5 | CVE-2022-35091 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c. | 2022-09-23 | 5.5 | CVE-2022-35092 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | 2022-09-23 | 5.5 | CVE-2022-35093 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | 2022-09-23 | 5.5 | CVE-2022-35094 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc. | 2022-09-23 | 5.5 | CVE-2022-35098 MISC MISC |
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. | 2022-09-23 | 5.5 | CVE-2022-35095 MISC MISC |
tabs_project -- tabs | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-40215 CONFIRM CONFIRM |
tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 5.5 | CVE-2022-40103 MISC |
themehunk -- wp_popup_builder | The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-09-26 | 6.1 | CVE-2022-2404 MISC |
themehunk -- wp_popup_builder | The WP Popup Builder WordPress plugin through 1.2.8 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup | 2022-09-26 | 4.3 | CVE-2022-2405 MISC |
tooljet -- tooljet | Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim. | 2022-09-28 | 4.9 | CVE-2022-3348 CONFIRM MISC |
trudesk_project -- trudesk | Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page | 2022-09-29 | 5.4 | CVE-2022-1719 CONFIRM MISC |
velneo -- vclient | Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials. | 2022-09-23 | 5.9 | CVE-2021-45035 CONFIRM CONFIRM MISC MISC |
veritas -- system_recovery | Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | 2022-09-23 | 6.5 | CVE-2022-41320 MISC |
vim -- vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | 2022-09-29 | 5.5 | CVE-2022-1725 CONFIRM MISC |
vim -- vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | 2022-09-23 | 5.5 | CVE-2022-3278 MISC CONFIRM |
vtiger -- vtiger_crm | Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | 2022-09-27 | 5.4 | CVE-2022-38335 MISC MISC MISC |
webhelpagency -- wha_crossword | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-37330 CONFIRM CONFIRM |
wordlift -- wordlift | The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-09-26 | 4.8 | CVE-2022-3069 MISC |
wpchill -- cpo_shortcodes | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress. | 2022-09-23 | 4.8 | CVE-2022-40672 CONFIRM CONFIRM |
xbifrost -- bifrost | Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds. | 2022-09-26 | 6.5 | CVE-2022-39219 MISC MISC CONFIRM |
xdsoft -- jodit_editor | Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds. | 2022-09-24 | 6.1 | CVE-2022-23461 CONFIRM |
zammad -- zammad | Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2. | 2022-09-27 | 4.3 | CVE-2022-40817 MISC |
zammad -- zammad | Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2. | 2022-09-27 | 6.5 | CVE-2022-40816 MISC |
zealousweb -- generate_pdf_using_contact_form_7 | The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-09-26 | 4.8 | CVE-2022-3070 MISC |
zephyr-one -- zephyr_project_manager | A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability. | 2022-09-28 | 5.4 | CVE-2022-3333 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | 2022-09-29 | 5.3 | CVE-2020-15337 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | 2022-09-29 | 5.3 | CVE-2020-15329 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | 2022-09-29 | 5.3 | CVE-2020-15330 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | 2022-09-29 | 5.3 | CVE-2020-15326 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | 2022-09-29 | 5.3 | CVE-2020-15325 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | 2022-09-29 | 5.3 | CVE-2020-15334 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. | 2022-09-29 | 6.1 | CVE-2020-15339 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. | 2022-09-29 | 5.3 | CVE-2020-15338 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | 2022-09-29 | 5.3 | CVE-2020-15333 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | 2022-09-29 | 5.3 | CVE-2020-15343 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | 2022-09-29 | 5.3 | CVE-2020-15344 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | 2022-09-29 | 5.3 | CVE-2020-15345 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | 2022-09-29 | 5.3 | CVE-2020-15346 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | 2022-09-29 | 5.3 | CVE-2020-15342 MISC MISC |
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | 2022-09-29 | 5.3 | CVE-2020-15328 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
blazzdev -- rate_my_post_-_wp_rating_system | Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. | 2022-09-23 | 3.1 | CVE-2022-40310 CONFIRM CONFIRM |
dell -- smartfabric_os10 | Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information. | 2022-09-28 | 3.7 | CVE-2022-34394 MISC |
ec-cube -- ec-cube | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | 2022-09-27 | 2.7 | CVE-2022-40199 MISC MISC |
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | 2022-09-28 | 2.7 | CVE-2022-28815 CONFIRM |
haxx -- curl | When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. | 2022-09-23 | 3.7 | CVE-2022-35252 MISC CONFIRM |
ikus-soft -- rdiffweb | Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 2.4 | CVE-2022-3301 CONFIRM MISC |
parseplatform -- parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented. Configurations which allow users to authenticate using the Parse Server authentication adapter where `appIds` is set as a string instead of an array of strings authenticate requests from an app with a different app ID than the one specified in the `appIds` configuration. For this vulnerability to be exploited, an attacker needs to be assigned an app ID by the authentication provider which is a sub-set of the server-side configured app ID. This issue is patched in versions 4.10.16 and 5.2.7. There are no known workarounds. | 2022-09-23 | 3.7 | CVE-2022-39231 CONFIRM |
parseplatform -- parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object. Note that assigning a session to another user does not usually change the privileges of either of the two users, and a user cannot assign their own session to another user. This issue is patched in version 4.10.15 and above, and 5.2.6 and above. To mitigate this issue in unpatched versions add a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object. | 2022-09-23 | 3.1 | CVE-2022-39225 CONFIRM |
toaruos -- toaruos | readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file. | 2022-09-28 | 3.3 | CVE-2022-38934 MISC |
trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. | 2022-09-28 | 3.3 | CVE-2022-40707 N/A N/A |
trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707. | 2022-09-28 | 3.3 | CVE-2022-40708 N/A N/A |
trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708. | 2022-09-28 | 3.3 | CVE-2022-40709 N/A N/A |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
actian -- zen | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | 2022-09-30 | not yet calculated | CVE-2022-40756 MISC MISC |
amazon -- redshift | In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. | 2022-09-29 | not yet calculated | CVE-2022-41828 MISC |
ampere -- altra_and_altra_max | Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. | 2022-09-29 | not yet calculated | CVE-2022-35888 MISC MISC |
applock -- applock | AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. | 2022-09-30 | not yet calculated | CVE-2022-1959 MISC MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. | 2022-09-30 | not yet calculated | CVE-2022-41847 MISC MISC MISC |
bento4 -- bento4 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File. | 2022-09-30 | not yet calculated | CVE-2022-41841 MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h. | 2022-09-30 | not yet calculated | CVE-2022-41845 MISC MISC |
bento4 -- bento4 | An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | 2022-09-30 | not yet calculated | CVE-2022-41846 MISC MISC |
bigbluebutton -- bigbluebutton | In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | 2022-09-29 | not yet calculated | CVE-2020-27601 MISC MISC |
bigbluebutton -- bigbluebutton | BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | 2022-09-29 | not yet calculated | CVE-2020-27602 MISC MISC |
bigprof -- online_invoicing_system | BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | 2022-09-29 | not yet calculated | CVE-2020-35674 MISC |
bigprof -- online_invoicing_system | BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application. | 2022-09-29 | not yet calculated | CVE-2020-35675 MISC MISC |
billing_system_project -- billing_system_project | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | 2022-09-30 | not yet calculated | CVE-2022-41440 MISC |
billing_system_project -- billing_system_project | Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. | 2022-09-30 | not yet calculated | CVE-2022-41437 MISC |
billing_system_project -- billing_system_project | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. | 2022-09-30 | not yet calculated | CVE-2022-41439 MISC |
bosch -- videojet_decoder | Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x. | 2022-09-30 | not yet calculated | CVE-2022-32540 CONFIRM |
bus_pass_management_system -- bus_pass_management_system | Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. | 2022-09-30 | not yet calculated | CVE-2022-35156 MISC MISC MISC |
bus_pass_management_system -- bus_pass_management_system | Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | 2022-09-30 | not yet calculated | CVE-2022-35155 MISC MISC MISC |
canon -- vitrea_view | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information. | 2022-09-30 | not yet calculated | CVE-2022-37461 MISC MISC CONFIRM |
chamilo -- chamilo | A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | 2022-09-29 | not yet calculated | CVE-2022-40407 CONFIRM MISC MISC |
chipolo -- chipolo | Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. | 2022-09-27 | not yet calculated | CVE-2022-37193 MISC MISC |
cisco -- aironet_access_point | A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20945 CISCO |
cisco -- ios_xe | A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20856 CISCO |
cisco -- ios_xe | A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller. | 2022-09-30 | not yet calculated | CVE-2022-20855 CISCO |
cisco -- ios_xe | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. | 2022-09-30 | not yet calculated | CVE-2022-20851 CISCO |
cisco -- multiple_products | A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user. | 2022-09-30 | not yet calculated | CVE-2022-20662 CISCO |
cisco -- multiple_products | A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. | 2022-09-30 | not yet calculated | CVE-2022-20728 CISCO |
cisco -- multiple_products | A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device. | 2022-09-30 | not yet calculated | CVE-2022-20810 CISCO |
cisco -- multiple_products | A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20848 CISCO |
cisco -- multiple_products | A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | 2022-09-30 | not yet calculated | CVE-2022-20844 CISCO |
cisco -- multiple_products | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | not yet calculated | CVE-2022-20775 CISCO |
cisco -- multiple_products | A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20847 CISCO |
cisco -- multiple_products | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | not yet calculated | CVE-2022-20818 CISCO |
cisco -- multiple_products | A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled. | 2022-09-30 | not yet calculated | CVE-2022-20769 CISCO |
cisco -- multiple_products | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | 2022-09-27 | not yet calculated | CVE-2021-27853 CONFIRM CONFIRM CONFIRM CISCO |
cisco -- multiple_products | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. | 2022-09-27 | not yet calculated | CVE-2021-27854 CONFIRM CONFIRM CONFIRM |
cisco -- multiple_products | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers) | 2022-09-27 | not yet calculated | CVE-2021-27861 CONFIRM CONFIRM CONFIRM |
cisco -- multiple_products | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). | 2022-09-27 | not yet calculated | CVE-2021-27862 CONFIRM CONFIRM |
cisco -- multiple_products | A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20919 CISCO |
cisco -- sd-wan_ solution | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | 2022-09-30 | not yet calculated | CVE-2022-20850 CISCO |
cisco -- sd-wan_ solution | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. | 2022-09-30 | not yet calculated | CVE-2022-20930 CISCO |
contec -- fxa3200 | Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | 2022-09-26 | not yet calculated | CVE-2022-36158 MISC MISC MISC MISC |
contec -- fxa3200 | Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. | 2022-09-26 | not yet calculated | CVE-2022-36159 MISC MISC MISC MISC |
css-what -- css-what | The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | 2022-09-30 | not yet calculated | CVE-2022-21222 CONFIRM CONFIRM |
dell -- hybrid_client | Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 2022-09-30 | not yet calculated | CVE-2022-34429 MISC |
dell -- hybrid_client | Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | 2022-09-30 | not yet calculated | CVE-2022-34428 MISC |
dfsms -- dairy_farm_shop_management_system | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. | 2022-09-30 | not yet calculated | CVE-2022-40943 MISC MISC |
dfsms -- dairy_farm_shop_management_system | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. | 2022-09-30 | not yet calculated | CVE-2022-40944 MISC MISC MISC |
dgiot_lightweight -- dgiot_lightweight | DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | 2022-09-29 | not yet calculated | CVE-2022-35137 MISC MISC |
discourse -- discourse | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2022-09-29 | not yet calculated | CVE-2022-36068 MISC MISC CONFIRM |
discourse -- discourse | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2022-09-29 | not yet calculated | CVE-2022-36066 MISC CONFIRM MISC |
discourse -- discourse | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2022-09-29 | not yet calculated | CVE-2022-39226 CONFIRM MISC MISC |
discourse -- discourse | Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console. | 2022-09-29 | not yet calculated | CVE-2022-39232 MISC CONFIRM MISC |
dnnsoftware -- dnn.platform | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 2022-09-30 | not yet calculated | CVE-2022-2922 MISC CONFIRM |
flipper_devices_inc -- flipper_zero | A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file. | 2022-09-29 | not yet calculated | CVE-2022-40363 MISC MISC |
gridea -- gridea | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled. | 2022-09-30 | not yet calculated | CVE-2022-40274 MISC MISC |
hospital_management_system -- mini-project | hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. | 2022-09-29 | not yet calculated | CVE-2022-33880 MISC |
hp -- print_products | Certain HP Print Products are potentially vulnerable to Remote Code Execution. | 2022-09-26 | not yet calculated | CVE-2022-28721 MISC |
hp -- print_products | Certain HP Print Products are potentially vulnerable to Buffer Overflow. | 2022-09-26 | not yet calculated | CVE-2022-28722 MISC |
htmly -- htmly | Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | 2022-09-30 | not yet calculated | CVE-2021-33354 MISC |
ibm -- robotic_process_automation_clients | IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | 2022-09-29 | not yet calculated | CVE-2022-39168 XF CONFIRM |
ikus060 -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 2022-09-30 | not yet calculated | CVE-2022-3371 CONFIRM MISC |
ikus060 -- rdiffweb | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | 2022-09-29 | not yet calculated | CVE-2022-3326 CONFIRM MISC |
ikus060 -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 2022-09-29 | not yet calculated | CVE-2022-3364 CONFIRM MISC |
innovaphone -- innovaphone | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | 2022-09-30 | not yet calculated | CVE-2022-41870 MISC |
joplin -- joplin | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function. | 2022-09-30 | not yet calculated | CVE-2022-40277 MISC MISC |
kekingcn -- kkfileview | kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.' | 2022-09-29 | not yet calculated | CVE-2022-40879 MISC |
leryx-longsoft -- clash_for_windows | A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | 2022-09-29 | not yet calculated | CVE-2022-40126 MISC |
lief -- lief | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | 2022-09-30 | not yet calculated | CVE-2022-40923 MISC |
linux -- kernel | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | 2022-09-30 | not yet calculated | CVE-2022-41849 MISC |
linux -- kernel | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | 2022-09-30 | not yet calculated | CVE-2022-41848 MISC MISC |
linux -- kernel | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | 2022-09-30 | not yet calculated | CVE-2022-41850 MISC |
matrix -- javascript_sdk | Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround. | 2022-09-29 | not yet calculated | CVE-2022-39250 MISC MISC MISC CONFIRM |
matrix -- nio | matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue. | 2022-09-29 | not yet calculated | CVE-2022-39254 CONFIRM MISC |
matrix -- rust-sdk | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue. | 2022-09-29 | not yet calculated | CVE-2022-39252 CONFIRM MISC MISC MISC |
mediawiki -- securepoll | An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. | 2022-09-29 | not yet calculated | CVE-2021-42045 MISC MISC |
mojoportal -- mojoportal | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | 2022-09-30 | not yet calculated | CVE-2022-40341 MISC MISC |
moodle -- moodle | Insufficient capability checks made it possible for teachers to download users outside of their courses. | 2022-09-29 | not yet calculated | CVE-2021-40692 MISC |
moodle -- moodle | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | 2022-09-29 | not yet calculated | CVE-2021-40695 MISC |
moodle -- moodle | An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | 2022-09-29 | not yet calculated | CVE-2021-40693 MISC |
moodle -- moodle | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 2022-09-30 | not yet calculated | CVE-2022-40316 MISC MISC |
moodle -- moodle | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | 2022-09-29 | not yet calculated | CVE-2021-40694 MISC |
moodle -- moodle | A limited SQL injection risk was identified in the "browse list of users" site administration page. | 2022-09-30 | not yet calculated | CVE-2022-40315 MISC MISC |
moodle -- moodle | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | 2022-09-30 | not yet calculated | CVE-2022-40314 MISC MISC |
moodle -- mustache_templates | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 2022-09-30 | not yet calculated | CVE-2022-40313 MISC MISC |
netapp -- snapcenter | SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. | 2022-09-29 | not yet calculated | CVE-2022-38732 MISC |
nodejs -- isolated-vm | isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. As of time of publication, there are no known fixed versions or workarounds. | 2022-09-29 | not yet calculated | CVE-2022-39266 CONFIRM |
octopus -- deploy | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 2022-09-30 | not yet calculated | CVE-2022-2778 MISC |
open5gs -- open5gs | A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | 2022-09-29 | not yet calculated | CVE-2022-40890 MISC |
open5gs -- open5gs | A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability. | 2022-09-26 | not yet calculated | CVE-2022-3299 MISC MISC MISC |
orchest -- orchest | ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io | 2022-09-30 | not yet calculated | CVE-2022-39268 MISC MISC MISC CONFIRM |
pingidentity -- pingcentral | PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | 2022-09-30 | not yet calculated | CVE-2022-23726 MISC CONFIRM |
pulse_secure -- pulse_connect_secure_vpn_server | Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. | 2022-09-30 | not yet calculated | CVE-2022-21826 MISC |
qemu_and_redhat --multiple_products | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | 2022-09-29 | not yet calculated | CVE-2014-0144 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
qemu_and_redhat --multiple_products | Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | 2022-09-29 | not yet calculated | CVE-2014-0147 MISC MISC MISC MISC MISC MISC |
qemu_and_redhat --multiple_products | Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. | 2022-09-29 | not yet calculated | CVE-2014-0148 MISC MISC MISC MISC MISC MISC |
react-native-reanimated -- react-native-reanimated | The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. | 2022-09-30 | not yet calculated | CVE-2022-24373 CONFIRM CONFIRM CONFIRM CONFIRM |
realvnc -- vnc_server | RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | 2022-09-30 | not yet calculated | CVE-2022-41975 MISC |
ruby -- ruby | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. | 2022-09-29 | not yet calculated | CVE-2016-2338 MLIST MISC |
sflow -- decode_package | sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. | 2022-09-30 | not yet calculated | CVE-2022-2529 MISC |
shibboleth -- multiple_products | A session hijack risk was identified in the Shibboleth authentication plugin. | 2022-09-29 | not yet calculated | CVE-2021-40691 MISC |
solarwinds -- orion | Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | 2022-09-30 | not yet calculated | CVE-2022-36965 CONFIRM CONFIRM |
solarwinds -- orion | A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | 2022-09-30 | not yet calculated | CVE-2022-36961 MISC MISC |
sonicjs -- sonicjs | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | 2022-10-01 | not yet calculated | CVE-2022-42002 MISC MISC |
sourcecodester -- best_student_result_management_system | SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. | 2022-09-29 | not yet calculated | CVE-2022-40887 MISC |
totolink -- a860r | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | 2022-09-29 | not yet calculated | CVE-2022-40475 MISC |
transfer.sh -- transfer.sh | dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). | 2022-09-29 | not yet calculated | CVE-2022-40931 MISC MISC |
uclibc -- uclibc-ng | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability. | 2022-09-29 | not yet calculated | CVE-2022-29503 MISC |
western_digital_and_sandisk -- multiple_products
| A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes. | 2022-09-27 | not yet calculated | CVE-2022-23006 MISC |
wolfssl -- wolfssl | In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. | 2022-09-29 | not yet calculated | CVE-2022-39173 MISC MISC |
wordpress -- wordpress | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. | 2022-09-30 | not yet calculated | CVE-2021-36830 CONFIRM CONFIRM |
wordpress -- wordpress | Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. | 2022-09-30 | not yet calculated | CVE-2021-36865 CONFIRM CONFIRM |
wordpress -- wordpress | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 2022-09-30 | not yet calculated | CVE-2021-36855 CONFIRM CONFIRM |
wordpress -- wordpress | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 2022-09-30 | not yet calculated | CVE-2021-36854 CONFIRM CONFIRM |
wordpress -- wordpress | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. | 2022-09-30 | not yet calculated | CVE-2021-36839 CONFIRM CONFIRM |
xpdf -- xpdf_reader | An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. | 2022-09-30 | not yet calculated | CVE-2022-41842 MISC MISC |
xpdf -- xpdf_reader | An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. | 2022-09-30 | not yet calculated | CVE-2022-41843 MISC MISC |
xpdf -- xpdf_reader | An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. | 2022-09-30 | not yet calculated | CVE-2022-41844 MISC MISC MISC |
yii -- feehicms | FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. | 2022-09-29 | not yet calculated | CVE-2022-40408 MISC |
zkteco -- zkbio_time | ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module. | 2022-09-29 | not yet calculated | CVE-2022-40472 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.