Vulnerability Summary for the Week of September 26, 2022

Released: Oct 03, 2022
Document ID: SB22-276

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acer -- altos_t110_f3 | There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir. | 2022-09-23 | 7.8 | CVE-2022-30426 (MISC, MISC, MISC)
advantech -- iview | An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | 2022-09-27 | 7.5 | CVE-2022-3323 (MISC)
apache -- pinot | In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 | 2022-09-23 | 9.8 | CVE-2022-26112 (CONFIRM)
apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. | 2022-09-23 | 7.1 | CVE-2020-36521 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- iphone_os | A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32814 (MISC, MISC, MISC, MISC)
apple -- iphone_os | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. | 2022-09-23 | 8.8 | CVE-2022-26700 (MISC, MISC, MISC, MISC, MISC)
apple -- iphone_os | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22624 (MISC, MISC, MISC, MISC)
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges. | 2022-09-23 | 7.8 | CVE-2022-32842 (MISC, MISC)
apple -- macos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32796 (MISC)
apple -- macos | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. | 2022-09-23 | 7.8 | CVE-2022-32826 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges. | 2022-09-23 | 7.8 | CVE-2022-32798 (MISC)
apple -- macos | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. | 2022-09-23 | 7.8 | CVE-2022-32819 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges. | 2022-09-23 | 7.8 | CVE-2022-32801 (MISC)
apple -- macos | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32829 (MISC, MISC)
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32815 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox. | 2022-09-23 | 10 | CVE-2022-32845 (MISC, MISC, MISC)
apple -- macos | This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. | 2022-09-23 | 7.5 | CVE-2022-32790 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-32792 (MISC, MISC, MISC, MISC, MISC)
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32820 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 7.8 | CVE-2022-32821 (MISC, MISC, MISC, MISC)
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32852 (MISC)
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32851 (MISC, MISC, MISC)
apple -- macos | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32831 (MISC, MISC, MISC)
apple -- macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32843 (MISC, MISC, MISC)
apple -- macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22629 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-32787 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32797 (MISC, MISC, MISC)
apple -- macos | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | 2022-09-23 | 9.1 | CVE-2022-32847 (MISC, MISC, MISC, MISC, MISC, MISC)
apple -- macos | This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files. | 2022-09-23 | 7.1 | CVE-2022-32807 (MISC, MISC, MISC)
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32853 (MISC, MISC, MISC)
apple -- swiftnio | NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace. | 2022-09-28 | 7.5 | CVE-2022-3215 (MISC)
apple -- tvos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution. | 2022-09-23 | 8.8 | CVE-2022-22610 (MISC, MISC, MISC, MISC, MISC)
apple -- tvos | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. | 2022-09-23 | 8.8 | CVE-2022-22637 (MISC, MISC, MISC, MISC, MISC)
apple -- tvos | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22628 (MISC, MISC, MISC, MISC, MISC)
arvados -- arvados | Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. Workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP. | 2022-09-23 | 8.8 | CVE-2022-39238 (CONFIRM)
b2evolution -- b2evolution | An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well. | 2022-09-28 | 9.1 | CVE-2022-30935 (MISC, MISC, MISC)
centreon -- centreon | Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | 2022-09-26 | 8.8 | CVE-2022-40043 (MISC, MISC)
checkpoint -- zonealarm | Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM. | 2022-09-27 | 8.8 | CVE-2022-41604 (MISC, MISC, MISC)
cloudbase -- open_vswitch | ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | 2022-09-28 | 8.8 | CVE-2022-32166 (MISC, MISC)
cloudwego -- hertz | Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function. | 2022-09-28 | 7.5 | CVE-2022-40082 (MISC, MISC)
dell -- smartfabric_os10 | Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. | 2022-09-28 | 7.5 | CVE-2022-34424 (MISC)
denx -- u-boot | There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer. | 2022-09-23 | 7.1 | CVE-2022-2347 (MISC)
dompdf -- dompdf | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 2022-09-25 | 7.5 | CVE-2022-41343 (MISC, MISC, MISC)
ec-cube -- product_image_bulk_upload | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system. | 2022-09-27 | 9.8 | CVE-2022-37346 (MISC, MISC)
exam_reviewer_management -- exam_reviewer_management | In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). | 2022-09-27 | 8.8 | CVE-2022-40878 (MISC)
exam_reviewer_management -- exam_reviewer_management | Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | 2022-09-27 | 9.8 | CVE-2022-40877 (MISC)
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | 2022-09-27 | 9.8 | CVE-2022-41571 (MISC)
eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | 2022-09-27 | 9.8 | CVE-2022-41570 (MISC)
ffmpeg -- ffmpeg | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | 2022-09-23 | 7.8 | CVE-2022-2566 (MISC)
flatpress -- flatpress | Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | 2022-09-29 | 7.2 | CVE-2022-40048 (MISC, MISC)
food_ordering_management_system -- food_ordering_management_system | A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583. | 2022-09-28 | 9.8 | CVE-2022-3332 (MISC, MISC)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands. | 2022-09-28 | 9.8 | CVE-2022-28811 (CONFIRM)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device. | 2022-09-28 | 9.8 | CVE-2022-28812 (CONFIRM)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. | 2022-09-28 | 9.8 | CVE-2022-22522 (CONFIRM)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API. | 2022-09-28 | 9.8 | CVE-2022-22526 (CONFIRM)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services. | 2022-09-28 | 9.4 | CVE-2022-22524 (CONFIRM)
gavazziautomation -- cpy_car_park_server | An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled. | 2022-09-28 | 7.5 | CVE-2022-22523 (CONFIRM)
gavazziautomation -- cpy_car_park_server | Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. | 2022-09-28 | 9.8 | CVE-2022-28814 (CONFIRM)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function. | 2022-09-28 | 7.2 | CVE-2022-22525 (CONFIRM)
google -- chrome | Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3045 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3195 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3199 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3049 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | 2022-09-26 | 8.8 | CVE-2022-3051 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3043 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3042 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3046 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2022-09-26 | 8.8 | CVE-2022-3197 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3040 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3055 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2022-09-26 | 8.8 | CVE-2022-3196 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | 2022-09-26 | 8.8 | CVE-2022-3052 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | 2022-09-26 | 8.8 | CVE-2022-3058 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | 2022-09-26 | 8.8 | CVE-2022-3050 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2998 (MISC, MISC)
google -- chrome | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3200 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2852 (MISC, MISC, FEDORA)
google -- chrome | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2022-09-26 | 8.8 | CVE-2022-3198 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2853 (MISC, MISC, FEDORA)
google -- chrome | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3039 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2022-09-26 | 9.6 | CVE-2022-3075 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. | 2022-09-26 | 8.8 | CVE-2022-2859 (MISC, MISC, FEDORA)
google -- chrome | Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-29 | 7.5 | CVE-2019-5797 (MISC, MISC)
google -- chrome | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3038 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3041 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2854 (MISC, MISC, FEDORA)
google -- chrome | Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2855 (MISC, MISC, FEDORA)
google -- chrome | Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2857 (MISC, MISC, FEDORA)
google -- chrome | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | 2022-09-26 | 8.8 | CVE-2022-3071 (MISC, MISC, GENTOO, FEDORA)
google -- chrome | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | 2022-09-26 | 8.8 | CVE-2022-2858 (MISC, MISC, FEDORA)
grandstream -- gds3710 | An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack since it doesn't check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead an attacker to execute a shell with full access. | 2022-09-23 | 9.8 | CVE-2022-2025 (CONFIRM)
grandstream -- gds3710 | In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default. | 2022-09-23 | 9.8 | CVE-2022-2070 (CONFIRM)
graphicsmagick -- graphicsmagickIn GraphicsMagick, a heap buffer overflow was found when parsing MIFF.2022-09-287.8CVE-2022-1270
MISC
GENTOO
hapijs -- hoekhoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.2022-09-238.1CVE-2020-36604
MISC
MISC
ibm -- sterling_partner_engagement_managerIBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.2022-09-237.1CVE-2022-34348
CONFIRM
XF
ibm -- websphere_mqIBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.2022-09-297.5CVE-2012-2201
XF
ikus-soft -- rdiffwebSession Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.2022-09-239.8CVE-2022-3269
CONFIRM
MISC
ikus-soft -- rdiffwebImproper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.2022-09-267.5CVE-2022-3290
CONFIRM
MISC
ikus-soft -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3295 | CONFIRM, MISC
ikus-soft -- rdiffweb | Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3272 | MISC, CONFIRM
ikus-soft -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3298 | CONFIRM, MISC
insyde -- insydeh2o | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI. | 2022-09-23 | 8.2 | CVE-2022-36338 | MISC, MISC, MISC
insyde -- insydeh2o | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. | 2022-09-28 | 8.2 | CVE-2022-36448 | MISC, MISC, MISC
insyde -- insydeh2o | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 2022-09-23 | 8.2 | CVE-2022-35893 | MISC, MISC, MISC
jflyfox -- jfinal_cms | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | 2022-09-27 | 8.8 | CVE-2022-37209 | MISC, MISC
joblib -- joblib | The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement. | 2022-09-26 | 9.8 | CVE-2022-21797 | CONFIRM, CONFIRM, CONFIRM, CONFIRM
kovidgoyal -- kitty | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. | 2022-09-23 | 7.8 | CVE-2022-41322 | MISC, MISC, MISC, MISC, GENTOO, FEDORA, FEDORA
labstack -- echo | Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | 2022-09-28 | 9.6 | CVE-2022-40083 | MISC
lcnet -- smart_evision | Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system commands or disrupt service. | 2022-09-28 | 8.8 | CVE-2022-39032 | MISC
lcnet -- smart_evision | Smart eVision has inadequate authorization for the system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information. | 2022-09-28 | 7.5 | CVE-2022-39030 | MISC
lcnet -- smart_evision | Smart eVision's file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | 2022-09-28 | 9.8 | CVE-2022-39033 | MISC
linux -- linux | Off-by-one in io_uring module. | 2022-09-26 | 7.8 | CVE-2022-3103 | MISC
linuxfoundation -- besu | Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than the transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution. | 2022-09-24 | 9.1 | CVE-2022-36025 | CONFIRM
linuxfoundation -- fabric | A vulnerability exists in Hyperledger Fabric <2.4 that could allow an attacker to construct a non-validated request that could cause a denial of service attack. | 2022-09-23 | 7.5 | CVE-2022-35253 | MISC, MISC, MISC
mailcow -- mailcow | mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server. | 2022-09-27 | 8.2 | CVE-2022-39258 | MISC, CONFIRM
makedeb -- mist | Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | 2022-09-26 | 7.8 | CVE-2022-39245 | CONFIRM, MISC, MISC
matrix -- javascript_sdk | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust their homeservers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39249 | MISC, CONFIRM, MISC, MISC, MISC
matrix -- javascript_sdk | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39251 | MISC, MISC, MISC, CONFIRM
matrix -- software_development_kit | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39257 | MISC, CONFIRM, MISC, MISC
matrix -- software_development_kit | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verification methods until patched. | 2022-09-28 | 7.5 | CVE-2022-39255 | MISC, CONFIRM, MISC, MISC
matrix -- software_development_kit | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39248 | MISC, MISC, CONFIRM, MISC
measuresoft -- scadapro_server | The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | 2022-09-23 | 7.8 | CVE-2022-3263 | CONFIRM
metersphere -- metersphere | An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands. | 2022-09-29 | 9.8 | CVE-2021-45790 | MISC
metersphere -- metersphere | Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | 2022-09-29 | 8.8 | CVE-2021-45788 | MISC
mipcm -- mipc_camera | Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app. | 2022-09-26 | 8.8 | CVE-2022-40785 | MISC
mipcm -- mipc_camera | Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406. | 2022-09-26 | 8.8 | CVE-2022-40784 | MISC
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. | 2022-09-23 | 9.8 | CVE-2022-2972 | MISC
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. | 2022-09-23 | 7.5 | CVE-2022-2971 | MISC
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. | 2022-09-23 | 9.8 | CVE-2022-2970 | MISC
mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations, which could allow an attacker to crash the server. | 2022-09-23 | 7.5 | CVE-2022-2973 | MISC
nepxion -- discovery | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver's eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds. | 2022-09-24 | 9.8 | CVE-2022-23463 | MISC
nepxion -- discovery | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate's getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds. | 2022-09-24 | 7.5 | CVE-2022-23464 | MISC
next-auth -- nextauth | `@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use the `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checked for the identifier when verifying the token in the email callback flow. An attacker who knows the victim's email could easily sign in as the victim, given the attacker also knows the verification token's expiry duration. The vulnerability is patched in v3.0.2. A workaround is available. Using Advanced Initialization, developers can check the requests and compare the query's token and identifier before proceeding. | 2022-09-28 | 8.1 | CVE-2022-39263 | CONFIRM, MISC
nic -- knot_resolver | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | 2022-09-23 | 7.5 | CVE-2022-40188 | CONFIRM, FEDORA, FEDORA, FEDORA
nlnetlabs -- unbound | A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records. | 2022-09-26 | 7.5 | CVE-2022-3204 | CONFIRM, FEDORA
notepad-plus-plus -- notepad-plus-plus | Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable DLL (UxTheme.dll) with their own DLL and run arbitrary code in the context of Notepad++. | 2022-09-28 | 7.8 | CVE-2022-32168 | CONFIRM, MISC
nuprocess -- nuprocess | NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. Version 2.0.5 contains a patch. As a workaround, users of the library can sanitize command strings to remove NUL characters prior to passing them to NuProcess for execution. | 2022-09-26 | 9.8 | CVE-2022-39243 | MISC, CONFIRM, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. | 2022-09-23 | 9.8 | CVE-2022-40118 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. | 2022-09-23 | 9.8 | CVE-2022-40115 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. | 2022-09-23 | 9.8 | CVE-2022-40116 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. | 2022-09-23 | 9.8 | CVE-2022-40120 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. | 2022-09-23 | 9.8 | CVE-2022-40114 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. | 2022-09-23 | 9.8 | CVE-2022-40119 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. | 2022-09-23 | 9.8 | CVE-2022-40117 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. | 2022-09-23 | 9.8 | CVE-2022-40121 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. | 2022-09-23 | 9.8 | CVE-2022-40122 | MISC, MISC
online_banking_system -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. | 2022-09-23 | 9.8 | CVE-2022-40113 | MISC, MISC
online_leave_management_system -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. | 2022-09-26 | 7.2 | CVE-2022-40928 | MISC
online_leave_management_system -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. | 2022-09-26 | 7.2 | CVE-2022-40927 | MISC
online_leave_management_system -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. | 2022-09-26 | 7.2 | CVE-2022-40926 | MISC
online_market_place_site -- online_market_place_site | Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. | 2022-09-26 | 9.8 | CVE-2022-30004 | MISC, MISC
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. | 2022-09-26 | 7.2 | CVE-2022-40097 | MISC
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. | 2022-09-26 | 7.2 | CVE-2022-40099 | MISC
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | 2022-09-27 | 7.2 | CVE-2022-40354 | MISC
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. | 2022-09-27 | 7.2 | CVE-2022-40353 | MISC
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. | 2022-09-26 | 7.2 | CVE-2022-40098 | MISC
online_tours_travels_management_system -- online_tours_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | 2022-09-27 | 7.2 | CVE-2022-40352 | MISC
open5gs -- open5gs | A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability. | 2022-09-28 | 7.5 | CVE-2022-3354 | MISC, MISC
orckestra -- c1_cms | Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds. | 2022-09-27 | 8.0 | CVE-2022-39256 | MISC, MISC, CONFIRM
pbc -- pbc | An issue has been found in PBC through 2022-8-27. A SEGV issue was detected in the function pbc_wmessage_integer in src/wmessage.c:137. | 2022-09-23 | 7.5 | CVE-2022-38936 | MISC
python-jwt -- python-jwt | python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds. | 2022-09-23 | 9.1 | CVE-2022-39227 | MISC, CONFIRM, MISC
qualcomm -- apq8009 | Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 2022-09-26 | 7.8 | CVE-2022-22058 | CONFIRM
realtek -- rtl8195am | On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task can be locked when there are frequent and continuous Wi-Fi connection failures for the Soft AP mode. | 2022-09-27 | 7.5 | CVE-2022-34326 | MISC, MISC
redis -- redis | Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. | 2022-09-23 | 9.8 | CVE-2022-35951 | CONFIRM, FEDORA, GENTOO
resumes_management_and_job_application_website_application -- resumes_management_and_job_application_website_application | SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | 2022-09-27 | 9.8 | CVE-2021-41433 | MISC, MISC
rocket.chat -- rocket.chat | An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two-factor authentication to be bypassed when telling the server to use CAS during login. | 2022-09-23 | 8.8 | CVE-2022-35248 | MISC
rocket.chat -- rocket.chat | A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token or a 2FA secret. | 2022-09-23 | 8.8 | CVE-2022-32211 | MISC
rockwellautomation -- thinmanager | Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. | 2022-09-23 | 9.8 | CVE-2022-38742 | MISC
samsung -- tizenrt | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). | 2022-09-29 | 7.5 | CVE-2022-40279 | MISC, MISC, MISC
samsung -- tizenrt | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. | 2022-09-29 | 7.5 | CVE-2022-40278 | MISC, MISC, MISC, MISC
scala-lang -- scala | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. | 2022-09-23 | 9.8 | CVE-2022-36944 | MISC, MISC
secp256k1-js_project -- secp256k1-js | The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. | 2022-09-24 | 7.5 | CVE-2022-41340 | MISC, MISC, MISC, MISC
sophos -- firewall | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 2022-09-23 | 9.8 | CVE-2022-3236 | CONFIRM
strapi -- strapi | Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | 2022-09-27 | 8.8 | CVE-2022-31367 | MISC, MISC, MISC
symfony -- twig | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. | 2022-09-28 | 7.5 | CVE-2022-39261 | MISC, CONFIRM, CONFIRM
tacitine -- en6200-prime_quad-35 | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 and 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform session fixation on the targeted device. | 2022-09-23 | 9.8 | CVE-2022-40630 | MISC, MISC
tacitine -- en6200-prime_quad-35 | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 and 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device. | 2022-09-23 | 9.8 | CVE-2022-40628 | MISC, MISC
tacitine -- en6200-prime_quad-35 | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 and 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device. | 2022-09-23 | 7.5 | CVE-2022-40629 | MISC, MISC
tenda -- ac18 | Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/. | 2022-09-23 | 7.2 | CVE-2022-40861 | MISC
tenda -- ac18Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set2022-09-239.8CVE-2022-40854
MISC
tenda -- i9Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.2022-09-237.5CVE-2022-40106
MISC
tenda -- i9Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.2022-09-237.5CVE-2022-40107
MISC
tenda -- i9Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.2022-09-237.5CVE-2022-40105
MISC
tenda -- i9Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.2022-09-239.8CVE-2022-40100
MISC
tenda -- i9Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.2022-09-237.5CVE-2022-40102
MISC
tenda -- i9Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.2022-09-237.5CVE-2022-40101
MISC
tenda -- i9Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.2022-09-237.5CVE-2022-40104
MISC
tenda -- tx3Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.2022-09-289.8CVE-2022-40942
MISC
tenda -- w20eTenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/2022-09-239.8CVE-2022-40866
MISC
tenda -- w20eTenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/2022-09-239.8CVE-2022-40867
MISC
tenda -- w20eTenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/2022-09-239.8CVE-2022-40868
MISC
tenda -- w20eTenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.2022-09-239.8CVE-2022-40855
MISC
toaruos -- toaruosreadelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file.2022-09-277.8CVE-2022-38932
MISC
tp-link -- archer_ax10_v1TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.2022-09-288.8CVE-2022-40486
MISC
MISC
MISC
trendmicro -- deep_securityA link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-09-287.8CVE-2022-40710
N/A
N/A
trudesk_project -- trudeskThe trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service.2022-09-297.5CVE-2022-1718
CONFIRM
MISC
ui -- desktopA local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.2022-09-237.8CVE-2022-35257
MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0614.2022-09-297.8CVE-2022-3352
CONFIRM
MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0579.2022-09-257.8CVE-2022-3297
MISC
CONFIRM
vim -- vimStack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.2022-09-257.8CVE-2022-3296
MISC
CONFIRM
vim -- vimStack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.2022-09-277.8CVE-2022-3324
CONFIRM
MISC
wayland -- wayland | An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. | 2022-09-23 | 9.8 | CVE-2021-3782 | MISC
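A model of the failure mode in the Wayland entry, added here as an illustration and not libwayland code: the pool's `int` reference count is simulated with explicit 32-bit two's-complement wrap-around so the sequence (wrap the counter back to 1 under billions of live references, destroy one buffer, pool freed while buffers still point at it) can be shown without allocating anything. The "checked" variant is one generic fix shape, refusing the increment instead of wrapping; it is not a claim about what the upstream patch does.

```python
"""Model of the wl_shm_pool reference-count overflow described in the Wayland
entry (CVE-2021-3782). Added illustration, not libwayland code: the pool and its
`int` counter are modelled in Python with explicit 32-bit wrap-around so the
use-after-free condition can be demonstrated without allocating buffers."""

INT_MAX = 2**31 - 1
INT_MIN = -(2**31)
UINT32 = 2**32


def wrap_int32(value: int) -> int:
    """Reduce an arbitrary integer to what a two's-complement C `int` would hold."""
    return (value + 2**31) % UINT32 - 2**31


class RefcountOverflow(Exception):
    """Raised by the checked pool instead of letting the counter wrap."""


class ShmPool:
    """The pool resource holds one reference; every buffer created from the pool
    takes another and releases it when destroyed (per the entry's description)."""

    def __init__(self, checked: bool):
        self.checked = checked
        self.refcount = 1          # modelled as a C int
        self.live_buffers = 0      # buffers still holding a reference
        self.freed = False         # set where the C code would free() the pool

    def create_buffers(self, n: int) -> None:
        """Take n references in one step (the client would issue n create_buffer requests)."""
        if self.checked and self.refcount > INT_MAX - n:
            raise RefcountOverflow("refusing to wrap the pool reference count")
        self.refcount = wrap_int32(self.refcount + n)
        self.live_buffers += n

    def destroy_buffer(self) -> None:
        """Release one reference; the pool is freed when the counter reaches zero."""
        if self.live_buffers == 0:
            raise RuntimeError("no buffer to destroy")
        self.live_buffers -= 1
        self.refcount = wrap_int32(self.refcount - 1)
        if self.refcount == 0:
            self.freed = True

    def dangling(self) -> bool:
        """True when the pool was freed while buffers still reference it (UAF)."""
        return self.freed and self.live_buffers > 0


def simulate(buffers: int, checked: bool) -> str:
    """Create `buffers` buffers, destroy one, and report what happened."""
    pool = ShmPool(checked)
    try:
        pool.create_buffers(buffers)
    except RefcountOverflow:
        return "rejected"
    pool.destroy_buffer()
    return "use-after-free" if pool.dangling() else "ok"


if __name__ == "__main__":
    # 2**32 increments bring the int back to 1; destroying one buffer then frees
    # the pool while 2**32 - 1 buffers still reference it.
    print(simulate(UINT32, checked=False))   # use-after-free
    print(simulate(UINT32, checked=True))    # rejected
    print(simulate(1000, checked=False))     # ok
```

The practical takeaway is the check's position: it has to run before the add, comparing against the headroom left (`refcount > INT_MAX - n`), because after a wrap the counter looks perfectly healthy and nothing downstream can tell.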
wazuh -- wazuh | Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | 2022-09-28 | 8.8 | CVE-2022-40497 | MISC
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. | 2022-09-26 | 9.8 | CVE-2022-40483 | MISC
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. | 2022-09-26 | 9.8 | CVE-2022-40485 | MISC
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. | 2022-09-26 | 7.2 | CVE-2022-40403 | MISC
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. | 2022-09-26 | 9.8 | CVE-2022-40484 | MISC
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. | 2022-09-26 | 8.8 | CVE-2022-40402 | MISC
wedding_planner -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. | 2022-09-26 | 8.8 | CVE-2022-40404 | MISC
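The six Wedding Planner entries share one shape: a request parameter (`id`, `booking`) spliced into a SQL statement. The following added example shows that shape beside its parameterised form; it is not the application's code, the table and rows are constructed, and SQLite stands in for the application's database.

```python
"""Vulnerable and hardened forms of the 'request parameter in SQL text'
pattern the Wedding Planner entries describe. Added example, not the
application's code: schema, rows and handler names are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE package (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO package VALUES (?, ?, ?)",
                     [(1, "Gold", 5000), (2, "Silver", 3000), (3, "Bronze", 1000)])
    return conn


_DB = make_db()


def package_detail_vulnerable(id_param: str, conn=None) -> list:
    """Vulnerable shape: the raw `id` request parameter becomes part of the query
    text, so the parameter value can change the statement's logic."""
    if conn is None:
        conn = _DB
    sql = "SELECT id, name, price FROM package WHERE id = " + id_param
    return conn.execute(sql).fetchall()


def package_detail_fixed(id_param: str, conn=None) -> list:
    """Hardened shape: validate the type, bind the value; the query text is constant."""
    if conn is None:
        conn = _DB
    try:
        package_id = int(id_param)
    except ValueError:
        return []
    return conn.execute("SELECT id, name, price FROM package WHERE id = ?",
                        (package_id,)).fetchall()


if __name__ == "__main__":
    for value in ("2", "1 OR 1=1", "0 UNION SELECT 1, sqlite_version(), 0"):
        print("%-42r vulnerable=%r fixed=%r" % (
            value, package_detail_vulnerable(value), package_detail_fixed(value)))
```

`1 OR 1=1` turns a one-row lookup into a table dump and the UNION value reads whatever the attacker selects; the fixed handler returns nothing for both because neither survives `int()`, and even a numeric value only ever reaches the engine as a bound parameter.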
wordpress -- wordpress | The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file. | 2022-09-26 | 8.8 | CVE-2021-24890 | MISC, CONFIRM
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38085 | CONFIRM, CONFIRM
wordpress -- wordpress | Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38134 | CONFIRM, CONFIRM
wordpress -- wordpress | The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations, for example. | 2022-09-26 | 7.2 | CVE-2022-2352 | MISC
wordpress -- wordpress | The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-09-26 | 7.2 | CVE-2022-2903 | MISC
wordpress -- wordpress | The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticate users, thereby bypassing the current authentication. | 2022-09-26 | 7.5 | CVE-2022-2987 | MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Backup Scheduler plugin <= 1.5.13 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38079 | CONFIRM, CONFIRM
wordpress -- wordpress | The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by allowing any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. | 2022-09-26 | 7.2 | CVE-2022-3076 | MISC
wordpress -- wordpress | Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | 2022-09-23 | 7.5 | CVE-2022-40194 | CONFIRM, CONFIRM
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38454 | CONFIRM, CONFIRM
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | 2022-09-23 | 8.8 | CVE-2022-38470 | CONFIRM, CONFIRM
wordpress -- wordpress | The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then be authenticated as admin if they know the correct email address. | 2022-09-26 | 7.5 | CVE-2022-3119 | MISC
xpdfreader -- xpdf | There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | 2022-09-29 | 7.8 | CVE-2022-38222 | MISC
xuxueli -- xxl-job | XXL-JOB 2.2.0 has a command execution vulnerability in background tasks. | 2022-09-28 | 9.8 | CVE-2022-40929 | MISC
zfile -- zfile | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | 2022-09-26 | 9.8 | CVE-2022-40050 | MISC
zimbra -- collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. | 2022-09-26 | 7.8 | CVE-2022-41347 | MISC, MISC, MISC, MISC
zimbra -- collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio. | 2022-09-26 | 9.8 | CVE-2022-41352 | MISC, MISC, MISC
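The second Zimbra entry is an archive-extraction escape: member names in an attachment climb out of the scratch directory into a directory the web server serves. The following added example is the name-level filter an extraction wrapper can apply before handing members to any extractor; it is not Zimbra or amavisd code, and the destination directory and member names are constructed.

```python
"""Archive-member path validation of the kind an extraction wrapper should
apply before handing members to cpio or pax, illustrating the Zimbra cpio
entry (CVE-2022-41352). Added example, not Zimbra or amavisd code: the
destination directory and the member names are constructed."""
import posixpath


def is_member_safe(name: str, dest: str) -> bool:
    """True only if extracting `name` below `dest` stays strictly inside `dest`.

    Rejects empty names, NUL bytes, absolute paths and any `..` sequence that
    climbs above the destination; 'a/../b' (which stays inside) is accepted.
    """
    if not name or "\0" in name:
        return False
    if name.startswith("/"):
        return False
    dest_norm = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(dest_norm, name))
    return target.startswith(dest_norm + "/")


def partition_members(names, dest):
    """Split member names into (accepted, rejected) for the given destination."""
    accepted, rejected = [], []
    for name in names:
        (accepted if is_member_safe(name, dest) else rejected).append(name)
    return accepted, rejected


# Constructed member list: the traversal entry aims at a directory outside
# the scratch area, which is the shape of escape the entry describes.
SAMPLE_MEMBERS = [
    "mail/part1.txt",
    "mail/attachments/../part2.txt",
    "../../../../opt/zimbra/jetty/webapps/zimbra/public/planted.txt",
    "/etc/cron.d/planted",
    "",
]

if __name__ == "__main__":
    ok, bad = partition_members(SAMPLE_MEMBERS, "/var/tmp/amavis/unpack")
    print("accepted:", ok)
    print("rejected:", bad)
```

A name check is necessary but not sufficient: it says nothing about a member that creates a symlink and a later member that writes through it, or about hard links, which is why the entry's advice to change the extractor rather than filter inputs to cpio remains the actual fix.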
zoo_management_system -- zoo_management_system | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. | 2022-09-26 | 7.2 | CVE-2022-40925 | MISC
zoo_management_system -- zoo_management_system | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | 2022-09-26 | 7.2 | CVE-2022-40924 | MISC
zte -- zxa10_b76hv3 | There is a broken access control vulnerability in the ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, affecting normal use of the system. | 2022-09-23 | 9.1 | CVE-2022-23144 | MISC
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | 2022-09-29 | 9.8 | CVE-2020-15331 | MISC, MISC
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | 2022-09-29 | 7.5 | CVE-2020-15340 | MISC, MISC
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | 2022-09-29 | 7.5 | CVE-2020-15341 | MISC, MISC
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | 2022-09-29 | 9.8 | CVE-2020-15347 | MISC, MISC
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | 2022-09-29 | 9.8 | CVE-2020-15332 | MISC, MISC
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | 2022-09-29 | 7.5 | CVE-2020-15327 | MISC, MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
10up -- restricted_site_access | The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | 2022-09-26 | 5.3 | CVE-2022-1613 | MISC
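The Restricted Site Access entry is the general "trust the forwarding header" mistake. The added example below (not the plugin's code) puts the vulnerable resolution beside the hardened one: a forwarding header is honoured only when the TCP peer is a configured proxy, and the chain is walked from the right past trusted hops so an attacker-prepended entry is ignored. The trusted-proxy ranges, allowlist, header name and sample requests are constructed.

```python
"""Client-address resolution behind a reverse proxy, illustrating the
Restricted Site Access entry (CVE-2022-1613). Added example, not the plugin's
code: trusted-proxy ranges, allowlist and sample requests are constructed."""
import ipaddress

# Constructed: the only hops allowed to set forwarding headers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.0.2.10/32")]
# Constructed: the range the site is restricted to.
ALLOWED_CLIENTS = [ipaddress.ip_network("203.0.113.0/24")]


def _in_any(addr, networks) -> bool:
    return any(addr in net for net in networks)


def client_ip_naive(remote_addr: str, headers: dict) -> str:
    """The vulnerable shape: a forwarding header wins over the TCP peer address,
    no matter who sent it."""
    forwarded = headers.get("X-Forwarded-For", "")
    if forwarded:
        return forwarded.split(",")[0].strip()
    return remote_addr


def client_ip(remote_addr: str, headers: dict, trusted=TRUSTED_PROXIES) -> str:
    """Hardened shape: consult X-Forwarded-For only when the TCP peer is a
    trusted proxy, and walk it right to left past trusted hops; the first
    untrusted hop is the client. Anything unparsable falls back to the peer."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return remote_addr
    if not _in_any(peer, trusted):
        return str(peer)          # direct connection: the header is attacker-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)      # garbage in the chain: fail closed to the peer
        if not _in_any(addr, trusted):
            return str(addr)
    return str(peer)


def is_allowed(ip: str, allowed=ALLOWED_CLIENTS) -> bool:
    """Apply the IP-based restriction to the resolved address."""
    try:
        return _in_any(ipaddress.ip_address(ip), allowed)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed request: an outsider connects directly and claims an inside address.
    spoof = {"X-Forwarded-For": "203.0.113.7"}
    print("naive   :", is_allowed(client_ip_naive("198.51.100.9", spoof)))   # True (bypass)
    print("hardened:", is_allowed(client_ip("198.51.100.9", spoof)))         # False
```

Note the right-to-left walk: each proxy appends the address it saw, so the rightmost entry is the one the trusted edge wrote and the leftmost is whatever the client supplied. Picking the first entry, as the naive function does, is the same bypass even with a trusted-proxy check in front of it.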
3d_tag_cloud_project -- 3d_tag_cloud | Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. | 2022-09-23 | 6.1 | CVE-2022-36417 | CONFIRM, CONFIRM
add_shortcodes_actions_and_filters_project -- add_shortcodes_actions_and_filters | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress. | 2022-09-23 | 4.8 | CVE-2022-37342 | CONFIRM, CONFIRM
adobe -- download_manager | The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory. | 2022-09-26 | 4.9 | CVE-2022-2926 | MISC
adobe -- experience_manager | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 2022-09-23 | 5.4 | CVE-2022-38438 | MISC
adobe -- experience_manager | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 2022-09-23 | 5.4 | CVE-2022-38439 | MISC
adobe -- experience_manager | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 2022-09-30 | 5.4 | CVE-2022-28851 | MISC
ajaxplorer -- ajaxplorer | An issue was discovered in AjaXplorer 4.2.3 that allows attackers to cause cross-site scripting via a crafted SVG file upload. | 2022-09-23 | 5.4 | CVE-2022-40358 | MISC, MISC
algolplus -- advanced_dynamic_pricing_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. | 2022-09-23 | 4.3 | CVE-2022-38095 | CONFIRM, CONFIRM
amazon -- fhir-works-on-aws-authz-smart | fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client's OAuth scope permits when making "search-type" requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue. | 2022-09-23 | 6.5 | CVE-2022-39230 | CONFIRM
apache -- pulsar | TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client, leaving intra-cluster connections and geo-replication connections vulnerable to man-in-the-middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability applies to both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | 2022-09-23 | 5.9 | CVE-2022-33682 | MISC
apache -- pulsar | Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying that the server's TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client's authentication data. The client eventually closes the connection when it verifies the hostname and identifies that the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token-based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | 2022-09-23 | 5.9 | CVE-2022-33681 | MISC
apache -- pulsar | Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man-in-the-middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. This issue affects Apache Pulsar Broker and Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | 2022-09-23 | 5.9 | CVE-2022-33683 | MISC
apache -- tomcat | The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0-M1 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance, resulting in responses, or partial responses, being received by the wrong client. | 2022-09-28 | 5.3 | CVE-2021-43980 | MISC, MLIST
apasionados -- export_post_info | Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | 2022-09-23 | 5.7 | CVE-2022-38061 | CONFIRM, CONFIRM
apple -- macos | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-32823 | MISC, MISC, MISC, MISC, MISC, MISC
apple -- macos | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. | 2022-09-23 | 4.4 | CVE-2022-32781 | MISC, MISC, MISC, MISC
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences. | 2022-09-23 | 5.5 | CVE-2022-32789 | MISC
apple -- macos | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information. | 2022-09-23 | 4.4 | CVE-2022-32782 | MISC
apple -- macos | An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system. | 2022-09-23 | 5.5 | CVE-2022-32786 | MISC, MISC, MISC
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth. | 2022-09-23 | 5.5 | CVE-2022-32783 | MISC
apple -- macos | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information. | 2022-09-23 | 5.9 | CVE-2022-32799 | MISC, MISC
apple -- macos | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | 2022-09-23 | 5.5 | CVE-2022-32817 | MISC, MISC, MISC, MISC
apple -- macos | The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-32805 | MISC, MISC, MISC
apple -- macos | A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service. | 2022-09-23 | 5.5 | CVE-2022-32785 | MISC, MISC, MISC, MISC
apple -- macos | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-32849 | MISC, MISC, MISC, MISC, MISC
apple -- macos | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system. | 2022-09-23 | 5.5 | CVE-2022-32800 | MISC, MISC, MISC
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user's screen. | 2022-09-23 | 5.5 | CVE-2022-32848 | MISC, MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. | 2022-09-23 | 5.5 | CVE-2022-32818 | MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory. | 2022-09-23 | 5.5 | CVE-2022-32841 | MISC, MISC, MISC, MISC
apple -- macos | An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information. | 2022-09-23 | 5.5 | CVE-2022-26707 | MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 6.7 | CVE-2022-32832 | MISC, MISC, MISC, MISC, MISC, MISC
apple -- macos | The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. | 2022-09-23 | 6.5 | CVE-2022-32816 | MISC, MISC, MISC, MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | 2022-09-23 | 5.5 | CVE-2022-32825 | MISC, MISC, MISC, MISC, MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | 2022-09-23 | 5.5 | CVE-2022-32828 | MISC, MISC, MISC
asus -- armoury_crate_serviceArmoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.2022-09-285.9CVE-2022-38699
MISC
asus -- rt-ax88u_firmwareAn HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.2022-09-266.5CVE-2021-41437
MISC
CONFIRM
bitcoin\/altcoin_faucet_project -- bitcoin\/altcoin_faucetThe Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues2022-09-265.4CVE-2022-3025
MISC
blazzdev -- rate_my_post_-_wp_rating_systemCross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.2022-09-234.3CVE-2022-40671
CONFIRM
CONFIRM
blossomthemes -- blossom_recipe_makerMultiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.2022-09-235.4CVE-2022-37338
CONFIRM
CONFIRM
bytebase -- bytebase
 
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.2022-09-284.3CVE-2022-32170
MISC
MISC
bytebase -- bytebase
 
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.2022-09-284.3CVE-2022-32169
MISC
MISC
castos -- seriously_simple_podcastingCross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.2022-09-234.3CVE-2022-40132
CONFIRM
CONFIRM
centreon -- centreonCentreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.2022-09-265.4CVE-2022-40044
MISC
MISC
clogica -- seo_redirectionCross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.2022-09-234.3CVE-2022-38704
CONFIRM
CONFIRM
connectwise -- connectwiseWiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a brute force on the session code in order to get in. Sensitive data about the company , get in a session.2022-09-285.3CVE-2022-36781
MISC
cowell_enterprise_travel_management_system_project -- cowell_enterprise_travel_management_systemCowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.2022-09-286.1CVE-2022-39054
MISC
creativeitem -- academy_learning_management_systemAcademy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.2022-09-266.1CVE-2022-38553
MISC
MISC
MISC
MISC
MISC
dell -- smartfabric_os10Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.2022-09-284.9CVE-2022-29089
MISC
ec-cube -- ec-cubeDOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page.2022-09-275.4CVE-2022-38975
MISC
MISC
elastic -- elastic_cloud_enterpriseA flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.2022-09-285.3CVE-2022-23716
MISC
MISC
etaplighting -- etap_safety_managerETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.2022-09-286.1CVE-2022-40912
MISC
expense_management_system_project -- expense_management_systemA stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.2022-09-285.4CVE-2021-41434
MISC
MISC
express_xss_sanitizer_project -- express_xss_sanitizer | The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization. | 2022-09-26 | 6.1 | CVE-2022-21169 (CONFIRM x4)
f-secure -- internet_gatekeeper | A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine. | 2022-09-23 | 5.5 | CVE-2022-28886 (MISC x2)
fullworksplugins -- meet_my_team | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-37339 (CONFIRM x2)
fusionpbx -- fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory). | 2022-09-29 | 6.5 | CVE-2021-43403 (MISC)
fwupd -- fwupd | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | 2022-09-28 | 6.5 | CVE-2022-3287 (MISC)
gajim -- gajim | An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0. | 2022-09-27 | 5.3 | CVE-2022-39835 (MISC x2)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service. | 2022-09-28 | 6.1 | CVE-2022-28816 (CONFIRM)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL injection to gain access to a volatile temporary database with the current states of the device. | 2022-09-28 | 5.3 | CVE-2022-28813 (CONFIRM)
glfusion -- glfusion | glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response. | 2022-09-29 | 6.1 | CVE-2021-45843 (MISC)
google -- chrome | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3044 (MISC x2, GENTOO, FEDORA)
google -- chrome | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. | 2022-09-26 | 5.4 | CVE-2022-3201 (MISC x2, GENTOO, DEBIAN, FEDORA)
google -- chrome | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | 2022-09-26 | 6.8 | CVE-2022-3048 (MISC x2, GENTOO, FEDORA)
google -- chrome | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3056 (MISC x2, GENTOO, FEDORA)
google -- chrome | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2856 (MISC x2, FEDORA)
google -- chrome | Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3047 (MISC x2, GENTOO, FEDORA)
google -- chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3054 (MISC x2, GENTOO, FEDORA)
google -- chrome | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2860 (MISC x2, FEDORA)
google -- chrome | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2861 (MISC x2, FEDORA)
google -- chrome | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3057 (MISC x2, GENTOO, FEDORA)
google -- chrome | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. | 2022-09-26 | 4.3 | CVE-2022-3053 (MISC x2, GENTOO, FEDORA)
gunkastudios -- login_block_ips | The Login Block IPs WordPress plugin through 1.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 2022-09-26 | 4.3 | CVE-2022-3098 (MISC)
hashicorp -- consul | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling an attacker with privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2. | 2022-09-23 | 6.5 | CVE-2022-40716 (MISC x2)
heimavista -- dark_horse_rpage | Heimavista Rpage has insufficient filtering for the platform web URL. An unauthenticated remote attacker can inject JavaScript and perform a reflected cross-site scripting (XSS) attack. | 2022-09-28 | 6.1 | CVE-2022-39053 (MISC)
hitachi -- vantara | A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | 2022-09-26 | 4.9 | CVE-2021-28052 (MISC x2)
ibm -- application_gateway | IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965. | 2022-09-28 | 5.4 | CVE-2022-22387 (XF, CONFIRM)
ibm -- common_cryptographic_architecture | IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596. | 2022-09-23 | 5.5 | CVE-2022-22423 (XF, CONFIRM)
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586. | 2022-09-23 | 5.4 | CVE-2022-40748 (XF, CONFIRM)
ibm -- infosphere_information_server | IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application's load or import content functionality to view arbitrary files on the system. | 2022-09-29 | 6.5 | CVE-2012-4818 (MISC, XF)
ibm -- java_sdk | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 2022-09-29 | 5.5 | CVE-2015-1931 (MISC x10)
ibm -- jazz_for_service_management | IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. | 2022-09-28 | 5.4 | CVE-2022-35722 (CONFIRM, XF)
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380. | 2022-09-23 | 5.4 | CVE-2022-35721 (CONFIRM, XF)
ibm -- qradar_user_behavior_analytics | IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information that they should not have access to. IBM X-Force ID: 232791. | 2022-09-28 | 6.5 | CVE-2022-36771 (XF, CONFIRM)
ibm -- rational_asset_manager | IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. | 2022-09-29 | 4.3 | CVE-2011-4820 (XF)
ibm -- rational_change | IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2022-09-29 | 6.1 | CVE-2012-2160 (MISC, XF)
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. | 2022-09-28 | 6.5 | CVE-2022-35282 (XF, CONFIRM)
iegeek -- ig20_firmware | ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices. | 2022-09-26 | 6.5 | CVE-2022-38970 (MISC)
ikus-soft -- rdiffweb | Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-28 | 4.6 | CVE-2022-3292 (CONFIRM, MISC)
inventree_project -- inventree | Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. | 2022-09-29 | 5.4 | CVE-2022-3355 (CONFIRM, MISC)
iris -- isams | ISAMS 22.2.3.2 is prone to a stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application. | 2022-09-27 | 5.4 | CVE-2022-37028 (MISC x2)
ivanti -- endpoint_manager | The "LANDesk(R) Management Agent" service exposes a socket; once connected, it is possible to launch commands, restricted to signed executables. This is a security bug that allows a limited user to gain escalated admin privileges on their system. | 2022-09-23 | 6.7 | CVE-2022-30121 (MISC)
jetbrains -- teamcity | In JetBrains TeamCity before 2022.04.4, environment variables of "password" type could be logged when using a custom Perforce executable. | 2022-09-23 | 5.3 | CVE-2022-40979 (MISC)
kfm_project -- kfm | Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. | 2022-09-23 | 6.1 | CVE-2022-40359 (MISC x2)
lcnet -- smart_evision | Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information. | 2022-09-28 | 6.5 | CVE-2022-39029 (MISC)
lcnet -- smart_evision | Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | 2022-09-28 | 6.5 | CVE-2022-39034 (MISC)
lcnet -- smart_evision | Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only. | 2022-09-28 | 5.3 | CVE-2022-39031 (MISC)
lcnet -- smart_evision | Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | 2022-09-28 | 5.4 | CVE-2022-39035 (MISC)
linux -- linux_kernel | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. | 2022-09-27 | 4.7 | CVE-2022-3303 (MISC x2)
linux -- linux_kernel | There exists an arbitrary memory read within the Linux kernel BPF subsystem: constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c. | 2022-09-23 | 5.5 | CVE-2022-2785 (CONFIRM x2)
mailoptin -- mailoptin | Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. | 2022-09-23 | 5.3 | CVE-2022-36340 (CONFIRM x2)
matrix -- javascript_sdk | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue. | 2022-09-28 | 5.3 | CVE-2022-39236 (MISC x3, CONFIRM)
matrix -- software_development_kit | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaround, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`. | 2022-09-28 | 5.3 | CVE-2022-39246 (MISC, CONFIRM, MISC x2)
mattermost -- mattermost_server | Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | 2022-09-23 | 6.5 | CVE-2022-3257 (MISC x2)
mediawiki -- mediawiki | An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript. | 2022-09-29 | 6.1 | CVE-2021-42046 (MISC x3)
mediawiki -- mediawiki | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits. | 2022-09-29 | 4.8 | CVE-2021-42048 (MISC x2)
mediawiki -- mediawiki | An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions. | 2022-09-29 | 6.5 | CVE-2021-42049 (MISC x2)
mediawiki -- mediawiki | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can log in with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback. | 2022-09-29 | 5.4 | CVE-2021-42047 (MISC x2)
metersphere -- metersphere | An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | 2022-09-29 | 6.5 | CVE-2021-45789 (MISC)
mygraph_project -- mygraph | MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a stored XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround. | 2022-09-24 | 5.4 | CVE-2022-39240 (CONFIRM)
nheko_project -- nheko | nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu. | 2022-09-28 | 5.9 | CVE-2022-39264 (CONFIRM, MISC x2, FEDORA)
notice_board_project -- notice_board | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-38460 (CONFIRM x2)
nuxtjs -- netlify-ipx | netlify-ipx is an on-demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site. | 2022-09-23 | 5.4 | CVE-2022-39239 (CONFIRM)
octopus -- octopus_server | In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | 2022-09-28 | 4.3 | CVE-2022-2760 (MISC)
online_market_place_site_project -- online_market_place_site | Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields. | 2022-09-26 | 5.4 | CVE-2022-30003 (MISC x2)
ovirt -- ovirt-engine | An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages. | 2022-09-28 | 6.1 | CVE-2022-3193 (MISC)
oxilab -- image_hover_effects_ultimate | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | 2022-09-23 | 5.4 | CVE-2022-2937 (MISC x2)
parity -- frontier | Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks: the adversary can construct blocks with transactions that have large amounts of refunds or unused gas with reverts, and as a result inflate the chain gas prices. The impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state. This issue has been patched in commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658. There are no known workarounds. | 2022-09-24 | 5.3 | CVE-2022-39242 (MISC, CONFIRM)
php -- php | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | 2022-09-28 | 6.5 | CVE-2022-31629 (MISC)
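CVE-2022-31629 (PHP, above) and CVE-2022-2860 (Chrome, earlier in this list) are both failures of the `__Host-`/`__Secure-` cookie prefix contract: the browser enforces the prefix rules (Secure flag; for `__Host-` also no Domain attribute and Path=/) only on the literal cookie name it sees, so the guarantee is void if the server ends up honoring a `__Host-` name that the browser never treated as one. The bulletin does not spell out PHP's exact parsing flaw, so the block below models the general class rather than PHP's code: a server that percent-decodes and mangles cookie names before honoring prefixes accepts an attacker-set `__%48ost-sid` as `__Host-sid`, while a version that requires the raw and normalized names to match for prefixed cookies does not. This is an added example written in JavaScript, not PHP or Chrome code; `normalizeName()`, the parser names and `browserAcceptsCookie()` are hypothetical.

```javascript
// Added example (not PHP or Chrome code): how __Host-/__Secure- cookie prefixes
// can be spoofed when a server normalizes cookie names before honoring them.
// normalizeName() is a constructed approximation of common server-side
// handling; all function names here are hypothetical.

const PREFIXES = ["__Host-", "__Secure-"];

// Browser-side half of the contract: a prefixed name is accepted from
// Set-Cookie or document.cookie only with the matching attributes.
// A name like "__%48ost-sid" carries no literal prefix, so no rules apply.
function browserAcceptsCookie({ name, secure, domain, path, secureContext }) {
  if (name.startsWith("__Secure-")) return Boolean(secure && secureContext);
  if (name.startsWith("__Host-")) {
    return Boolean(secure && secureContext && domain === undefined && path === "/");
  }
  return true;
}

// Constructed server-side normalization: percent-decode the name, then map
// '.' and ' ' to '_' (PHP-style variable-name mangling).
function normalizeName(raw) {
  let name;
  try {
    name = decodeURIComponent(raw);
  } catch {
    name = raw; // malformed escape: keep the name as sent
  }
  return name.replace(/[. ]/g, "_");
}

// Splits a Cookie header into [rawName, value] pairs without decoding.
function splitCookieHeader(header) {
  const pairs = [];
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    pairs.push([part.slice(0, eq).trim(), part.slice(eq + 1).trim()]);
  }
  return pairs;
}

// Vulnerable parser: the application keys its cookie map on the normalized
// name, so "__%48ost-sid" (which the browser never treated as prefixed) is
// indistinguishable from a real "__Host-sid" and, arriving later, overrides it.
function parseCookieHeaderVulnerable(header) {
  const jar = {};
  for (const [raw, value] of splitCookieHeader(header)) {
    jar[normalizeName(raw)] = value;
  }
  return jar;
}

// Hardened parser: a normalized name may carry a prefix only if the raw name
// the browser applied the rules to is byte-for-byte identical; anything else
// is a spoof attempt and is dropped.
function parseCookieHeaderHardened(header) {
  const jar = {};
  for (const [raw, value] of splitCookieHeader(header)) {
    const name = normalizeName(raw);
    if (PREFIXES.some((p) => name.startsWith(p)) && name !== raw) continue;
    jar[name] = value;
  }
  return jar;
}

// Constructed Cookie header: the site's real __Host-sid followed by an
// attacker-set, non-Secure cookie whose name decodes to the same string.
const ATTACK_HEADER = "__Host-sid=legit; __%48ost-sid=evil";
```

The hardened rule is deliberately conservative: a legitimate prefixed cookie whose name contains a character that normalization would rewrite is dropped too, which is the safe failure mode, since prefixed names are chosen by the application and can simply avoid such characters.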
php -- php | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | 2022-09-28 | 5.5 | CVE-2022-31628 (MISC)
quantumcloud -- slider_hero | The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. | 2022-09-26 | 4.8 | CVE-2022-3074 (MISC)
rocket.chat -- rocket.chat | A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to the OAuth token being leaked in plaintext in Rocket.Chat logs. | 2022-09-23 | 5.3 | CVE-2022-32217 (MISC)
rocket.chat -- rocket.chat | An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). | 2022-09-23 | 6.8 | CVE-2022-30124 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because the actionLinkHandler method allows Message ID enumeration via regex MongoDB queries. | 2022-09-23 | 4.3 | CVE-2022-32218 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v4.7.5: the "users.list" REST endpoint takes a query parameter from JSON and runs Users.find(queryFromClientSide), so virtually any authenticated user can access any data (except password hashes) of any other user. | 2022-09-23 | 4.3 | CVE-2022-32219 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5 because the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room. | 2022-09-23 | 6.5 | CVE-2022-32220 (MISC)
rocket.chat -- rocket.chat | An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because input data in the getUsersOfRoom Meteor server method is not type validated, so MongoDB query operator objects are accepted by the server; instead of a matching rid String, a $regex query can be executed, bypassing the room access permission check for every matching room but the first. | 2022-09-23 | 4.3 | CVE-2022-32226 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs. | 2022-09-23 | 4.3 | CVE-2022-32228 (MISC)
rocket.chat -- rocket.chat | A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to OAuth tokens: a user holding the "view-full-other-user-info" permission could obtain other users' OAuth tokens, causing an OAuth token leak in the product. | 2022-09-23 | 6.5 | CVE-2022-32227 (MISC)
rocket.chat -- rocket.chat | A cross-site scripting vulnerability exists in Rocket.Chat <v5 due to style injection in the complete chat window; an adversary is able to manipulate not only its style, but is also able to block functionality as well as hijack the content of targeted users. Since the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed. | 2022-09-23 | 5.4 | CVE-2022-35251 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5 because /api/v1/chat.getThreadsList lacks sanitization of user inputs and can therefore leak private thread messages to unauthorized users via MongoDB injection. | 2022-09-23 | 4.3 | CVE-2022-32229 (MISC)
rocket.chat -- rocket.chat | A privilege escalation vulnerability exists in Rocket.Chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. | 2022-09-23 | 4.3 | CVE-2022-35250 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room. | 2022-09-23 | 4.3 | CVE-2022-35249 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients. | 2022-09-23 | 4.3 | CVE-2022-35247 (MISC)
rocket.chat -- rocket.chat | A NoSQL-injection information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users who should not be able to access them. | 2022-09-23 | 4.3 | CVE-2022-35246 (MISC)
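Several of the Rocket.Chat entries above (CVE-2022-32218, -32219, -32226, -32228, -32229 and -35246) share one root cause: a Meteor method or REST endpoint hands client-supplied JSON to a MongoDB query, so a value that should be a plain string, such as a room id (`rid`) or message id, can instead be an operator object like `{ "$regex": ".*" }`, which matches every document and turns an exact-match lookup into an enumeration primitive. The block below is an added example, not Rocket.Chat code. It uses a constructed in-memory stand-in for a collection that understands only equality and `$regex`, constructed sample rooms and messages, hypothetical method names, and a small `check()` standing in for Meteor's `check(value, String)`, to show both the CVE-2022-32226 pattern (the permission check passes on the first matching room, the data query then matches all of them) and the type check that closes it.

```javascript
// Added example (not Rocket.Chat code): MongoDB operator injection through an
// untyped method argument. The "collection" is a constructed in-memory stand-in
// supporting only equality and $regex; check() stands in for Meteor's check().

// Constructed sample data: three rooms, one message each.
const ROOMS = [
  { _id: "general", members: ["alice", "bob", "mallory"] },
  { _id: "secret-exec", members: ["alice"] },
  { _id: "dm-alice-bob", members: ["alice", "bob"] },
];
const MESSAGES = [
  { _id: "m1", rid: "general", msg: "hello everyone" },
  { _id: "m2", rid: "secret-exec", msg: "layoffs friday" },
  { _id: "m3", rid: "dm-alice-bob", msg: "call me" },
];

// Minimal selector matcher: a primitive means equality; an object carrying
// $regex means a pattern match. This is exactly how a client-controlled object
// changes the meaning of a query the developer wrote for a string.
function matches(doc, selector) {
  return Object.entries(selector).every(([field, cond]) => {
    const value = doc[field];
    if (cond !== null && typeof cond === "object") {
      return (
        typeof cond.$regex === "string" &&
        new RegExp(cond.$regex, cond.$options || "").test(String(value))
      );
    }
    return value === cond;
  });
}
const find = (coll, sel) => coll.filter((d) => matches(d, sel));
const findOne = (coll, sel) => find(coll, sel)[0];

// Stand-in for Meteor's check(value, String): reject anything but a string.
function check(value, type) {
  if (type === String && typeof value !== "string") {
    throw new TypeError("Match error: Expected string");
  }
}

// Vulnerable shape: the permission check loads ONE room with the raw rid and
// verifies membership on it, then the same raw rid drives the data query.
// With rid = { $regex: ".*" } the first room ("general", where mallory is a
// member) satisfies the check, and the second query matches every room.
function getRoomMessagesVulnerable(rid, userId) {
  const room = findOne(ROOMS, { _id: rid });
  if (!room || !room.members.includes(userId)) throw new Error("not authorized");
  return find(MESSAGES, { rid }).map((m) => m.msg);
}

// Hardened shape: type-check the argument before it touches any query, so
// operator objects never reach the driver; the rest of the logic is unchanged.
function getRoomMessagesHardened(rid, userId) {
  check(rid, String);
  const room = findOne(ROOMS, { _id: rid });
  if (!room || !room.members.includes(userId)) throw new Error("not authorized");
  return find(MESSAGES, { rid }).map((m) => m.msg);
}

// Runs the injection against both shapes plus a legitimate call.
function demo() {
  const injected = { $regex: ".*" };
  const leaked = getRoomMessagesVulnerable(injected, "mallory");
  let blocked = false;
  try {
    getRoomMessagesHardened(injected, "mallory");
  } catch (e) {
    blocked = e instanceof TypeError;
  }
  return { leaked, blocked, legit: getRoomMessagesHardened("general", "mallory") };
}
```

The REST variant (CVE-2022-32219, `Users.find(queryFromClientSide)` on a JSON query parameter) is the same class with the whole selector, not just one field, under client control; the fix there is not a type check on one argument but refusing to accept a selector from the client at all and building it server-side from validated scalar fields.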
seo_smart_links_project -- seo_smart_links | The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2022-09-26 | 4.8 | CVE-2022-3135 (MISC)
simple_bitcoin_faucets_project -- simple_bitcoin_faucets | The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscribers, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. | 2022-09-26 | 5.4 | CVE-2022-3024 (MISC)
simplefilelist -- simple-file-list | The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. | 2022-09-26 | 6.1 | CVE-2022-3062 (MISC)
sony -- playstation_4_firmware | A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679. | 2022-09-28 | 6.8 | CVE-2022-3349 (MISC x2)
svg_support_wordpress -- svg_support | The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via a URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. | 2022-09-26 | 5.4 | CVE-2022-1755 (MISC)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc. | 2022-09-23 | 5.5 | CVE-2022-35099 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | 2022-09-23 | 5.5 | CVE-2022-35096 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc. | 2022-09-23 | 5.5 | CVE-2022-35097 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc. | 2022-09-23 | 5.5 | CVE-2022-35091 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c. | 2022-09-23 | 5.5 | CVE-2022-35092 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | 2022-09-23 | 5.5 | CVE-2022-35093 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | 2022-09-23 | 5.5 | CVE-2022-35094 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc. | 2022-09-23 | 5.5 | CVE-2022-35098 (MISC x2)
swftools -- swftools | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. | 2022-09-23 | 5.5 | CVE-2022-35095 (MISC x2)
tabs_project -- tabs | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. | 2022-09-23 | 5.4 | CVE-2022-40215 (CONFIRM x2)
tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 5.5 | CVE-2022-40103 (MISC)
themehunk -- wp_popup_builder | The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 2022-09-26 | 6.1 | CVE-2022-2404 (MISC)
themehunk -- wp_popup_builder | The WP Popup Builder WordPress plugin through 1.2.8 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscribers, to delete arbitrary Popups. | 2022-09-26 | 4.3 | CVE-2022-2405 (MISC)
tooljet -- tooljet | Just like in the previous report, an attacker could steal the accounts of other users. In this case it is a little more specific, because the attacker needs to be an editor in the same app as the victim. | 2022-09-28 | 4.9 | CVE-2022-3348 (CONFIRM, MISC)
trudesk_project -- trudesk | Reflected XSS in the ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability allows malicious JavaScript code to execute in the web page. | 2022-09-29 | 5.4 | CVE-2022-1719 (CONFIRM, MISC)
velneo -- vclientVelneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.2022-09-235.9CVE-2021-45035
CONFIRM
CONFIRM
MISC
MISC
veritas -- system_recoveryVeritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.2022-09-236.5CVE-2022-41320
MISC
vim -- vimNULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.2022-09-295.5CVE-2022-1725
CONFIRM
MISC
vim -- vimNULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.2022-09-235.5CVE-2022-3278
MISC
CONFIRM
vtiger -- vtiger_crmVtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.2022-09-275.4CVE-2022-38335
MISC
MISC
MISC
webhelpagency -- wha_crosswordAuthenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress.2022-09-235.4CVE-2022-37330
CONFIRM
CONFIRM
wordlift -- wordliftThe WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-09-264.8CVE-2022-3069
MISC
wpchill -- cpo_shortcodesAuthenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.2022-09-234.8CVE-2022-40672
CONFIRM
CONFIRM
xbifrost -- bifrostBifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.2022-09-266.5CVE-2022-39219
MISC
MISC
CONFIRM
xdsoft -- jodit_editorJodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.2022-09-246.1CVE-2022-23461
CONFIRM
zammad -- zammadZammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.2022-09-274.3CVE-2022-40817
MISC
zammad -- zammadZammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.2022-09-276.5CVE-2022-40816
MISC
zealousweb -- generate_pdf_using_contact_form_7The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-09-264.8CVE-2022-3070
MISC
zephyr-one -- zephyr_project_managerA vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.2022-09-285.4CVE-2022-3333
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.2022-09-295.3CVE-2020-15337
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.2022-09-295.3CVE-2020-15329
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.2022-09-295.3CVE-2020-15330
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.2022-09-295.3CVE-2020-15326
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.2022-09-295.3CVE-2020-15325
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.2022-09-295.3CVE-2020-15334
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.2022-09-296.1CVE-2020-15339
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.2022-09-295.3CVE-2020-15338
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.2022-09-295.3CVE-2020-15333
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.2022-09-295.3CVE-2020-15343
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.2022-09-295.3CVE-2020-15344
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.2022-09-295.3CVE-2020-15345
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.2022-09-295.3CVE-2020-15346
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.2022-09-295.3CVE-2020-15342
MISC
MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.2022-09-295.3CVE-2020-15328
MISC
MISC


Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| blazzdev -- rate_my_post_-_wp_rating_system | Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. | 2022-09-23 | 3.1 | CVE-2022-40310 (CONFIRM, CONFIRM) |
| dell -- smartfabric_os10 | Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information. | 2022-09-28 | 3.7 | CVE-2022-34394 (MISC) |
| ec-cube -- ec-cube | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | 2022-09-27 | 2.7 | CVE-2022-40199 (MISC, MISC) |
| gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3, the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | 2022-09-28 | 2.7 | CVE-2022-28815 (CONFIRM) |
| haxx -- curl | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that, when later sent back to a HTTP server, might make the server return 400 responses, effectively allowing a "sister site" to deny service to all siblings. | 2022-09-23 | 3.7 | CVE-2022-35252 (MISC, CONFIRM) |
| ikus-soft -- rdiffweb | Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 2.4 | CVE-2022-3301 (CONFIRM, MISC) |
| parseplatform -- parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented. Configurations which allow users to authenticate using the Parse Server authentication adapter where `appIds` is set as a string instead of an array of strings authenticate requests from an app with a different app ID than the one specified in the `appIds` configuration. For this vulnerability to be exploited, an attacker needs to be assigned an app ID by the authentication provider which is a sub-set of the server-side configured app ID. This issue is patched in versions 4.10.16 and 5.2.7. There are no known workarounds. | 2022-09-23 | 3.7 | CVE-2022-39231 (CONFIRM) |
| parseplatform -- parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object. Note that assigning a session to another user does not usually change the privileges of either of the two users, and a user cannot assign their own session to another user. This issue is patched in version 4.10.15 and above, and 5.2.6 and above. To mitigate this issue in unpatched versions, add a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object. | 2022-09-23 | 3.1 | CVE-2022-39225 (CONFIRM) |
| toaruos -- toaruos | readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file. | 2022-09-28 | 3.3 | CVE-2022-38934 (MISC) |
| trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to, CVE-2022-40708. | 2022-09-28 | 3.3 | CVE-2022-40707 (N/A, N/A) |
| trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to, CVE-2022-40707. | 2022-09-28 | 3.3 | CVE-2022-40708 (N/A, N/A) |
| trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to, CVE-2022-40707 and CVE-2022-40708. | 2022-09-28 | 3.3 | CVE-2022-40709 (N/A, N/A) |


Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
actian -- zenIf folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.2022-09-30not yet calculatedCVE-2022-40756
MISC
MISC
amazon -- redshift
 
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.2022-09-29not yet calculatedCVE-2022-41828
MISC
ampere -- altra_and_altra_max
 
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.2022-09-29not yet calculatedCVE-2022-35888
MISC
MISC
applock -- applock
 
AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.2022-09-30not yet calculatedCVE-2022-1959
MISC
MISC
bento4 -- bento4
 
An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.2022-09-30not yet calculatedCVE-2022-41847
MISC
MISC
MISC
bento4 -- bento4
 
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.2022-09-30not yet calculatedCVE-2022-41841
MISC
bento4 -- bento4
 
An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.2022-09-30not yet calculatedCVE-2022-41845
MISC
MISC
bento4 -- bento4
 
An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.2022-09-30not yet calculatedCVE-2022-41846
MISC
MISC
bigbluebutton -- bigbluebuttonIn BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.2022-09-29not yet calculatedCVE-2020-27601
MISC
MISC
bigbluebutton -- bigbluebutton
 
BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.2022-09-29not yet calculatedCVE-2020-27602
MISC
MISC
bigprof -- online_invoicing_system
 
BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments.2022-09-29not yet calculatedCVE-2020-35674
MISC
bigprof -- online_invoicing_system
 
BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application.2022-09-29not yet calculatedCVE-2020-35675
MISC
MISC
billing_system_project -- billing_system_project
 
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.2022-09-30not yet calculatedCVE-2022-41440
MISC
billing_system_project -- billing_system_project
 
Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.2022-09-30not yet calculatedCVE-2022-41437
MISC
billing_system_project -- billing_system_project
 
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.2022-09-30not yet calculatedCVE-2022-41439
MISC
bosch -- videojet_decoderInformation Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.2022-09-30not yet calculatedCVE-2022-32540
CONFIRM
bus_pass_management_system -- bus_pass_management_system
 
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..2022-09-30not yet calculatedCVE-2022-35156
MISC
MISC
MISC
bus_pass_management_system -- bus_pass_management_system
 
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.2022-09-30not yet calculatedCVE-2022-35155
MISC
MISC
MISC
canon -- vitrea_view
 
Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.2022-09-30not yet calculatedCVE-2022-37461
MISC
MISC
CONFIRM
chamilo -- chamilo
 
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.2022-09-29not yet calculatedCVE-2022-40407
CONFIRM
MISC
MISC
chipolo -- chipolo
 
Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials.2022-09-27not yet calculatedCVE-2022-37193
MISC
MISC
cisco -- aironet_access_point
 
A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition.2022-09-30not yet calculatedCVE-2022-20945
CISCO
cisco -- ios_xeA vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition.2022-09-30not yet calculatedCVE-2022-20856
CISCO
cisco -- ios_xeA vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.2022-09-30not yet calculatedCVE-2022-20855
CISCO
cisco -- ios_xe
 
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device.2022-09-30not yet calculatedCVE-2022-20851
CISCO
cisco -- multiple_productsA vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user.2022-09-30not yet calculatedCVE-2022-20662
CISCO
cisco -- multiple_productsA vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.2022-09-30not yet calculatedCVE-2022-20728
CISCO
cisco -- multiple_productsA vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.2022-09-30not yet calculatedCVE-2022-20810
CISCO
cisco -- multiple_products
 
A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-09-30not yet calculatedCVE-2022-20848
CISCO
cisco -- multiple_products
 
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.2022-09-30not yet calculatedCVE-2022-20844
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.2022-09-30not yet calculatedCVE-2022-20775
CISCO
cisco -- multiple_products
 
A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-09-30not yet calculatedCVE-2022-20847
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.2022-09-30not yet calculatedCVE-2022-20818
CISCO
cisco -- multiple_products
 
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.2022-09-30not yet calculatedCVE-2022-20769
CISCO
cisco -- multiple_products
 
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.2022-09-27not yet calculatedCVE-2021-27853
CONFIRM
CONFIRM
CONFIRM
CISCO
cisco -- multiple_products
 
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.2022-09-27not yet calculatedCVE-2021-27854
CONFIRM
CONFIRM
CONFIRM
cisco -- multiple_products
 
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)2022-09-27not yet calculatedCVE-2021-27861
CONFIRM
CONFIRM
CONFIRM
cisco -- multiple_products
 
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).2022-09-27not yet calculatedCVE-2021-27862
CONFIRM
CONFIRM
cisco -- multiple_products
 
A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.2022-09-30not yet calculatedCVE-2022-20919
CISCO
cisco -- sd-wan_ solution
 
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.2022-09-30not yet calculatedCVE-2022-20850
CISCO
cisco -- sd-wan_ solution
 
  Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-20930; CISCO

contec -- fxa3200
  Description: Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface, which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).
  Published: 2022-09-26
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-36158; MISC, MISC, MISC, MISC

contec -- fxa3200
  Description: Contec FXA3200 version 1.13 and under was discovered to contain a hard-coded password hash for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in a few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port, then sniff the traffic or inject any malware.
  Published: 2022-09-26
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-36159; MISC, MISC, MISC, MISC

css-what -- css-what
  Description: The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-21222; CONFIRM, CONFIRM

dell -- hybrid_client
  Description: Dell Hybrid Client below version 1.8 contains a Zip Slip Vulnerability in the UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-34429; MISC

dell -- hybrid_client
  Description: Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-34428; MISC

dfsms -- dairy_farm_shop_management_system
  Description: Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via the bwdate-report-ds.php file.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40943; MISC, MISC

dfsms -- dairy_farm_shop_management_system
  Description: Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via the sales-report-ds.php file.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40944; MISC, MISC, MISC
dgiot_lightweight -- dgiot_lightweight
  Description: DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-35137; MISC, MISC

discourse -- discourse
  Description: Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-36068; MISC, MISC, CONFIRM

discourse -- discourse
  Description: Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-36066; MISC, CONFIRM, MISC

discourse -- discourse
  Description: Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39226; CONFIRM, MISC, MISC

discourse -- discourse
  Description: Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39232; MISC, CONFIRM, MISC

dnnsoftware -- dnn.platform
  Description: Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-2922; MISC, CONFIRM
flipper_devices_inc -- flipper_zero
  Description: A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc. Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40363; MISC, MISC

gridea -- gridea
  Description: Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40274; MISC, MISC

hospital_management_system -- mini-project
  Description: hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-33880; MISC

hp -- print_products
  Description: Certain HP Print Products are potentially vulnerable to Remote Code Execution.
  Published: 2022-09-26
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-28721; MISC

hp -- print_products
  Description: Certain HP Print Products are potentially vulnerable to Buffer Overflow.
  Published: 2022-09-26
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-28722; MISC

htmly -- htmly
  Description: Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via a modified file parameter.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-33354; MISC

ibm -- robotic_process_automation_clients
  Description: IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39168; XF, CONFIRM

ikus060 -- rdiffweb
  Description: Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-3371; CONFIRM, MISC

ikus060 -- rdiffweb
  Description: Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-3326; CONFIRM, MISC

ikus060 -- rdiffweb
  Description: Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-3364; CONFIRM, MISC

innovaphone -- innovaphone
  Description: AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41870; MISC
joplin -- joplin
  Description: Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40277; MISC, MISC

kekingcn -- kkfileview
  Description: kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg'.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40879; MISC

leryx-longsoft -- clash_for_windows
  Description: A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40126; MISC

lief -- lief
  Description: A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted MachO file.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40923; MISC

linux -- kernel
  Description: drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41849; MISC

linux -- kernel
  Description: drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41848; MISC, MISC

linux -- kernel
  Description: roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41850; MISC

matrix -- javascript_sdk
  Description: Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users' identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device IDs matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39250; MISC, MISC, MISC, CONFIRM

matrix -- nio
  Description: matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39254; CONFIRM, MISC

matrix -- rust-sdk
  Description: matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39252; CONFIRM, MISC, MISC, MISC

mediawiki -- securepoll
  Description: An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-42045; MISC, MISC
mojoportal -- mojoportal
  Description: mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40341; MISC, MISC

moodle -- moodle
  Description: Insufficient capability checks made it possible for teachers to download users outside of their courses.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-40692; MISC

moodle -- moodle
  Description: It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-40695; MISC

moodle -- moodle
  Description: An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-40693; MISC

moodle -- moodle
  Description: The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40316; MISC, MISC

moodle -- moodle
  Description: Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-40694; MISC

moodle -- moodle
  Description: A limited SQL injection risk was identified in the "browse list of users" site administration page.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40315; MISC, MISC

moodle -- moodle
  Description: A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40314; MISC, MISC

moodle -- mustache_templates
  Description: Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40313; MISC, MISC

netapp -- snapcenter
  Description: SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented, which could allow certain types of attacks that otherwise would be prevented.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-38732; MISC

nodejs -- isolated-vm
  Description: isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. As of time of publication, there are no known fixed versions or workarounds.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39266; CONFIRM

octopus -- deploy
  Description: In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-2778; MISC

open5gs -- open5gs
  Description: A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40890; MISC

open5gs -- open5gs
  Description: A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability.
  Published: 2022-09-26
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-3299; MISC, MISC, MISC
orchest -- orchest
  Description: Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. Patch: Upgrade to v2022.09.10 to patch this vulnerability. Workarounds: Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d. References: https://en.wikipedia.org/wiki/Cross-site_request_forgery and https://cwe.mitre.org/data/definitions/352.html. For more information: If you have any questions or comments about this advisory, open an issue in https://github.com/orchest/orchest or email us at rick@orchest.io.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39268; MISC, MISC, MISC, CONFIRM

pingidentity -- pingcentral
  Description: PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that, with administrative authentication, return large amounts of sensitive environmental and application information.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-23726; MISC, CONFIRM

pulse_secure -- pulse_connect_secure_vpn_server
  Description: Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection; this means that when someone loads a website, an attacker may be able to make the browser issue a POST to the application, enabling XSS.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-21826; MISC

qemu_and_redhat -- multiple_products
  Description: QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crashes caused by missing input validation, which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2014-0144; 15 MISC references

qemu_and_redhat -- multiple_products
  Description: The Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format is vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2014-0147; 6 MISC references

qemu_and_redhat -- multiple_products
  Description: The Qemu before 2.0 block driver for Hyper-V VHDX images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for the block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance, resulting in DoS.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2014-0148; 6 MISC references

react-native-reanimated -- react-native-reanimated
  Description: The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the parser of Colors.js.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-24373; CONFIRM, CONFIRM, CONFIRM, CONFIRM
realvnc -- vnc_server
  Description: RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41975; MISC

ruby -- ruby
  Description: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the tags array length. A specially constructed object passed as an element of the tags array can increase the array size after that allocation and cause a heap overflow.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2016-2338; MLIST, MISC

sflow -- decode_package
  Description: The sflow decode package does not employ sufficient packet sanitisation, which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory, resulting in a denial of service.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-2529; MISC

shibboleth -- multiple_products
  Description: A session hijack risk was identified in the Shibboleth authentication plugin.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-40691; MISC

solarwinds -- orion
  Description: Insufficient sanitization of inputs in the QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0).
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-36965; CONFIRM, CONFIRM

solarwinds -- orion
  Description: A component of the Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-36961; MISC, MISC

sonicjs -- sonicjs
  Description: SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
  Published: 2022-10-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-42002; MISC, MISC

sourcecodester -- best_student_result_management_system
  Description: SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40887; MISC

totolink -- a860r
  Description: TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40475; MISC

transfer.sh -- transfer.sh
  Description: dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40931; MISC, MISC

uclibc -- uclibc-ng
  Description: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-29503; MISC

western_digital_and_sandisk -- multiple_products
  Description: A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from the /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.
  Published: 2022-09-27
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-23006; MISC
wolfssl -- wolfssl
  Description: In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-39173; MISC, MISC

wordpress -- wordpress
  Description: Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-36830; CONFIRM, CONFIRM

wordpress -- wordpress
  Description: Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-36865; CONFIRM, CONFIRM

wordpress -- wordpress
  Description: Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-36855; CONFIRM, CONFIRM

wordpress -- wordpress
  Description: Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-36854; CONFIRM, CONFIRM

wordpress -- wordpress
  Description: Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2021-36839; CONFIRM, CONFIRM

xpdf -- xpdf_reader
  Description: An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41842; MISC, MISC

xpdf -- xpdf_reader
  Description: An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41843; MISC, MISC

xpdf -- xpdf_reader
  Description: An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
  Published: 2022-09-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-41844; MISC, MISC, MISC

yii -- feehicms
  Description: FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40408; MISC

zkteco -- zkbio_time
  Description: ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.
  Published: 2022-09-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2022-40472; MISC