Vulnerability Summary for the Week of November 14, 2022

Original release date: November 21, 2022 | Last revised: November 22, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
aiphone — gt-dmb-n_firmware Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. 2022-11-14 7.5 CVE-2022-40903

MISC

MISC
amazon — opensearch OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue. 2022-11-15 9.8 CVE-2022-41918

MISC

CONFIRM
amazon — opensearch_notifications OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin’s intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. 2022-11-11 8.7 CVE-2022-41906

MISC

CONFIRM

MISC
apache — airflow A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. 2022-11-14 8.8 CVE-2022-40127

MISC

MISC

MLIST
apache — airflow A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. 2022-11-14 7.5 CVE-2022-27949

MISC

MISC

MLIST
apache — archiva If anonymous read enabled, it’s possible to read the database file directly without logging in. 2022-11-15 7.5 CVE-2022-40308

CONFIRM

MLIST
apache — sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. 2022-11-16 9.8 CVE-2022-45047

CONFIRM
archesproject — arches Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it’s possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. 2022-11-11 9.8 CVE-2022-41892

CONFIRM
atlassian — bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. 2022-11-17 9.8 CVE-2022-43781

MISC

MISC
atlassian — confluence_data_center The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. 2022-11-15 7.5 CVE-2022-42977

MISC
atlassian — confluence_data_center In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. 2022-11-15 7.5 CVE-2022-42978

MISC
atlassian — crowd Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd’s REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3 2022-11-17 9.8 CVE-2022-43782

MISC
automattic — crowdsignal_dashboard Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. 2022-11-17 8.8 CVE-2022-45069

CONFIRM
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic. 2022-11-18 7.2 CVE-2022-44378

MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. 2022-11-18 7.2 CVE-2022-44379

MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. 2022-11-17 7.2 CVE-2022-44402

MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. 2022-11-17 7.2 CVE-2022-44403

MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44413

MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. 2022-11-18 7.2 CVE-2022-44414

MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44415

MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. 2022-11-18 7.2 CVE-2022-44820

MISC
axiosys — bento4 A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability. 2022-11-13 8.8 CVE-2022-3974

N/A

N/A

N/A
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. 2022-11-17 9.8 CVE-2022-44001

MISC

MISC
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. 2022-11-16 9.8 CVE-2022-44003

MISC

MISC
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password. 2022-11-16 9.8 CVE-2022-44004

MISC

MISC
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. 2022-11-16 9.8 CVE-2022-44006

MISC

MISC
badgermeter — moni In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. 2022-11-15 8.8 CVE-2020-12507

MISC
badgermeter — moni In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. 2022-11-15 7.5 CVE-2020-12508

MISC
bruhn-newtech — cbrn-analysis CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. 2022-11-12 8.8 CVE-2022-45193

MISC
camp_project — camp patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie. 2022-11-14 9.8 CVE-2022-37109

MISC

MISC

MISC
canteen_management_system_project — canteen_management_system An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-15 9.8 CVE-2022-43265

MISC

MISC
canteen_management_system_project — canteen_management_system An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-14 7.2 CVE-2022-43146

MISC

MISC
cisco — firepower_management_center A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. 2022-11-15 7.5 CVE-2022-20854

MISC
clogica — seo_redirection Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. 2022-11-18 8.8 CVE-2022-40695

CONFIRM

CONFIRM
college_management_system_project — college_management_system College Management System v1.0 – SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page. 2022-11-17 9.8 CVE-2022-39180

MISC
college_management_system_project — college_management_system College Management System v1.0 – Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. 2022-11-17 7.2 CVE-2022-39179

MISC
concretecms — concrete_cms Concrete CMS is vulnerable to CSRF due to the lack of “State” parameter for external Concrete authentication service for users of Concrete who use the “out of the box” core OAuth. 2022-11-14 8.8 CVE-2022-43693

MISC

MISC

MISC

MISC

MISC
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40686

CONFIRM
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40687

CONFIRM
contec — solarview_compact_firmware SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php 2022-11-17 9.8 CVE-2022-40881

MISC
crm42_project — crm42 A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42classclass.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3955

N/A

N/A
deltaww — diaenergie SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-41775

MISC
deltaww — diaenergie SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43447

MISC
deltaww — diaenergie SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43452

MISC
deltaww — diaenergie SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43457

MISC
deltaww — diaenergie SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43506

MISC
diffie-hellman_key_exchange_project — diffie-hellman_key_exchange Using long exponents in the Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. An attacker may cause asymmetric resource consumption with any common client application which uses a DHE implementation that applies short exponents. The attack may be more disruptive in cases where a client sends arbitrary numbers that are actually not DH public keys (aka the D(HE)ater attack) or can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. This can affect TLS, SSH, and IKE. 2022-11-14 7.5 CVE-2022-40735

MISC

MISC

MISC

MISC

MISC
dolibarr — dolibarr_erp/crm Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. 2022-11-17 9.8 CVE-2022-43138

MISC
dreamer_cms_project — dreamer_cms Dreamer CMS 4.0.01 is vulnerable to SQL Injection. 2022-11-17 9.8 CVE-2022-42245

MISC
duofoxtechnologies — duofox_cms Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. 2022-11-17 8.8 CVE-2022-42246

MISC
eolink — goku_lite A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3947

N/A

N/A

N/A
eolink — goku_lite A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3948

N/A

N/A

N/A
erp_project — erp A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. 2022-11-11 8.8 CVE-2022-3944

N/A

N/A
export_users_with_meta_project — export_users_with_meta Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. 2022-11-17 8 CVE-2022-44577

CONFIRM
eyoucms — eyoucms EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. 2022-11-14 8.8 CVE-2022-43323

MISC
eyoucms — eyoucms EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. 2022-11-14 8.8 CVE-2022-44387

MISC
facebook — redex DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. 2022-11-11 9.8 CVE-2022-36938

MISC
ferry_project — ferry A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3939

N/A
ferry_project — ferry A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. 2022-11-11 9.8 CVE-2022-3940

N/A
ffmpeg — ffmpeg A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. 2022-11-13 8.1 CVE-2022-3964

N/A

N/A
ffmpeg — ffmpeg A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. 2022-11-13 8.1 CVE-2022-3965

N/A

N/A
follow_me_plugin_project — follow_me_plugin The “Follow Me Plugin” plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-11-15 8.8 CVE-2022-3240

MISC

MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. 2022-11-16 9.1 CVE-2022-39319

CONFIRM

MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel – command line options `/drive`, `+drives` or `+home-drive`. 2022-11-16 9.1 CVE-2022-41877

CONFIRM

MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. 2022-11-16 7.5 CVE-2022-39316

MISC

CONFIRM
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. 2022-11-16 7.5 CVE-2022-39318

CONFIRM

MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch. 2022-11-16 7.5 CVE-2022-39347

CONFIRM

MISC
guitar-pro — guitar_pro Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. 2022-11-16 7.5 CVE-2022-43264

MISC
hashicorp — consul HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering’s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0. 2022-11-16 7.5 CVE-2022-3920

MISC
heimdal_project — heimdal Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal’s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal’s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. 2022-11-15 7.5 CVE-2022-41916

CONFIRM
hhims_project — hhims A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3956

N/A

N/A
hms-php_project — hms-php A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551. 2022-11-13 9.8 CVE-2022-3972

N/A

N/A
hms-php_project — hms-php A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552. 2022-11-13 9.8 CVE-2022-3973

N/A

N/A
hoosk — hoosk An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-16 9.8 CVE-2022-43234

MISC
hospital_management_center_project — hospital_management_center A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213786 is the identifier assigned to this vulnerability. 2022-11-16 9.8 CVE-2022-4012

N/A

N/A
hospital_management_center_project — hospital_management_center A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. 2022-11-16 8.8 CVE-2022-4013

N/A

N/A
human_resource_management_system_project — human_resource_management_system Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. 2022-11-16 9.8 CVE-2022-43262

MISC
hyperledger — fabric Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. 2022-11-12 7.5 CVE-2022-45196

MISC

MISC
ibm — cics_tx IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. 2022-11-14 7.5 CVE-2022-34319

MISC

MISC

MISC
ibm — cics_tx IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. 2022-11-14 7.5 CVE-2022-34320

MISC

MISC

MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. 2022-11-11 8.8 CVE-2022-38387

MISC

MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. 2022-11-15 8.1 CVE-2022-38385

MISC

MISC
ibm — infosphere_information_server IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. 2022-11-16 9.8 CVE-2022-40752

MISC

MISC
ibm — powervm_hypervisor After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. 2022-11-11 9.8 CVE-2022-34331

MISC

MISC
ikus-soft — rdiffweb Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. 2022-11-14 9.8 CVE-2022-3362

CONFIRM

MISC
insyde — insydeh2o DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by 2022-11-14 7.8 CVE-2022-34325

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 2022-11-15 7 CVE-2022-33905

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050 2022-11-15 7 CVE-2022-33908

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051 2022-11-15 7 CVE-2022-33909

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053 2022-11-15 7 CVE-2022-33983

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054 2022-11-15 7 CVE-2022-33984

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055 2022-11-15 7 CVE-2022-33985

MISC

MISC
intel — active_management_technology Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 9.8 CVE-2022-26845

MISC
intel — active_management_technology Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 8.8 CVE-2022-29893

MISC
intel — active_management_technology Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. 2022-11-11 7.5 CVE-2022-27497

MISC
intel — advanced_link_analyzer Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-27638

MISC
intel — data_center_manager Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 8.8 CVE-2022-33942

MISC
intel — endpoint_management_assistant Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-30297

MISC
intel — gametechdev_presentmon Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-26086

MISC
intel — glorp Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-30548

MISC
intel — hyperscan Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 9.8 CVE-2022-29486

MISC
intel — manageability_commander Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 8.8 CVE-2022-26341

MISC
intel — nuc7i3dnbe_firmware Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-26024

MISC
intel — nuc_10_performance_kit_nuc10i7fnhn_firmware Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36789

MISC
intel — nuc_11_compute_element_cm11ebi38w_firmware Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-38099

MISC
intel — nuc_11_pro_kit_nuc11tnhi70z_firmware Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-37334

MISC
intel — nuc_8_rugged_kit_nuc8cchkrn_firmware Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-26124

MISC
intel — nuc_kit_nuc5i3myhe_firmware Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36370

MISC
intel — nuc_kit_nuc5i3ryh_firmware Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-37345

MISC
intel — nuc_kit_wireless_adapter_driver_installer Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36377

MISC
intel — nuc_kit_wireless_adapter_driver_installer Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36400

MISC
intel — nuc_kit_wireless_adapter_driver_installer Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-36380

MISC
intel — nuc_kit_wireless_adapter_driver_installer Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-36384

MISC
intel — quartus_prime Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-27187

MISC
intel — quartus_prime XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 7.5 CVE-2022-27233

MISC
intel — server_debug_and_provisioning_tool Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 7.5 CVE-2022-26508

MISC
intel — system_studio Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2021-33064

MISC
intel — vtune_profiler Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-26028

MISC
intel — xmm_7560_firmware Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 9.6 CVE-2022-26513

MISC
intel — xmm_7560_firmware Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 8.4 CVE-2022-27639

MISC
intel — xmm_7560_firmware Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 8.2 CVE-2022-26079

MISC
intel — xmm_7560_firmware Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 8.2 CVE-2022-26367

MISC
intel — xmm_7560_firmware Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 8.2 CVE-2022-28126

MISC
intel — xmm_7560_firmware Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 8.1 CVE-2022-26369

MISC
intel — xmm_7560_firmware Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 7.2 CVE-2022-26045

MISC
intel — xmm_7560_firmware Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 7.2 CVE-2022-27874

MISC
intel — xmm_7560_firmware Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 7.2 CVE-2022-28611

MISC
ironmansoftware — powershell_universal Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6. 2022-11-14 8.8 CVE-2022-45183

MISC

CONFIRM

MISC
ironmansoftware — powershell_universal The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. 2022-11-14 7.2 CVE-2022-45184

MISC

CONFIRM

MISC
jenkins — cccc Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45395

CONFIRM
jenkins — cloudbees_docker_hub/registry_notification A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. 2022-11-15 7.5 CVE-2022-45385

CONFIRM
jenkins — config_rotator Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with ‘.xml’ extension on the Jenkins controller file system. 2022-11-15 7.5 CVE-2022-45388

CONFIRM
jenkins — japex Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45400

CONFIRM
jenkins — ns-nd_integration_performance_publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. 2022-11-15 7.5 CVE-2022-38666

CONFIRM
jenkins — ns-nd_integration_performance_publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. 2022-11-15 7.5 CVE-2022-45391

CONFIRM
jenkins — osf_builder_suite_ Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45397

CONFIRM
jenkins — pipeline_utility_steps Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the ‘file:’ prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. 2022-11-15 9.1 CVE-2022-45381

CONFIRM
jenkins — script_security Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. 2022-11-15 7.5 CVE-2022-45379

CONFIRM
jenkins — sourcemonitor Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45396

CONFIRM
joinmastodon — mastodon Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. 2022-11-16 9.8 CVE-2022-2166

CONFIRM

MISC
kavitareader — kavita Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. 2022-11-14 9.8 CVE-2022-3993

CONFIRM

MISC
keking — kkfileview kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. 2022-11-17 7.5 CVE-2022-43140

MISC
konker — konker_platform Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). 2022-11-15 8.8 CVE-2022-35613

MISC
libtiff — libtiff A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. 2022-11-13 9.8 CVE-2022-3970

N/A

N/A

N/A

N/A
liferay — digital_experience_platform A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. 2022-11-15 7.5 CVE-2022-42123

MISC

MISC

MISC
liferay — digital_experience_platform ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the ‘name’ field of a layout prototype. 2022-11-15 7.5 CVE-2022-42124

MISC

MISC

MISC

MISC
liferay — digital_experience_platform Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. 2022-11-15 7.5 CVE-2022-42125

MISC

MISC

MISC
liferay — dxp A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences’ `namespace` attribute. 2022-11-15 9.8 CVE-2022-42120

MISC

MISC

MISC
liferay — liferay_portal A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. 2022-11-15 9.8 CVE-2022-42122

MISC

MISC

MISC
liferay — liferay_portal A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template’s ‘Name’ field. 2022-11-15 8.8 CVE-2022-42121

MISC

MISC

MISC
limesurvey — limesurvey LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. 2022-11-15 7.2 CVE-2022-43279

MISC
linux — linux_kernel A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-11-14 7.8 CVE-2022-3238

MISC
linuxfoundation — software_for_open_networking_in_the_cloud There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. 2022-11-14 7.5 CVE-2022-0324

MISC

MISC
manydesigns — portofino A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. 2022-11-11 7.1 CVE-2022-3952

N/A

N/A

N/A

N/A
muffingroup — betheme Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. 2022-11-17 8.8 CVE-2022-45077

CONFIRM

CONFIRM
mz-automation — libiec61850 A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. 2022-11-13 8.8 CVE-2022-3976

N/A

N/A

N/A
nagvis — nagvis A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. Upgrading to version 1.9.34 is able to address this issue. The name of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. 2022-11-13 9.8 CVE-2022-3979

MISC

MISC

MISC
netatalk_project — netatalk Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). 2022-11-12 7.8 CVE-2022-45188

MISC

MISC

MISC

MISC
nextcloud — desktop The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. “vbs”, is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused. 2022-11-11 7.8 CVE-2022-41882

MISC

CONFIRM

MISC

MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. 2022-11-16 9.8 CVE-2022-43135

MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. 2022-11-17 7.2 CVE-2022-43162

MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php. 2022-11-17 7.2 CVE-2022-43163

MISC
online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. 2022-11-17 7.2 CVE-2022-43179

MISC
palantir — foundry_build2 Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. 2022-11-15 7.5 CVE-2022-27895

MISC
palantir — foundry_code-workbooks Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. 2022-11-14 7.5 CVE-2022-27896

MISC
phoenixcontact — automationworx_software_suite In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. 2022-11-15 7.8 CVE-2022-3461

MISC
phoenixcontact — automationworx_software_suite In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. 2022-11-15 7.8 CVE-2022-3737

MISC
phoenixcontact — fl_mguard_centerport_firmware A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue. 2022-11-15 7.5 CVE-2022-3480

MISC
php — php In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 2022-11-14 7.1 CVE-2022-31630

MISC
pistar — pi-star_digital_voice_dashboard Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. 2022-11-11 9.8 CVE-2022-45182

MISC

MISC

MISC

MISC

MISC
python — pillow Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). 2022-11-14 7.5 CVE-2022-45198

MISC

MISC

MISC

MISC

MISC
python — pillow Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. 2022-11-14 7.5 CVE-2022-45199

MISC

MISC

MISC

MISC
qualcomm — apq8009_firmware Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-11-15 7.8 CVE-2022-25724

CONFIRM
qualcomm — apq8009_firmware Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-11-15 7.8 CVE-2022-25743

CONFIRM
qualcomm — apq8009_firmware Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-11-15 7.5 CVE-2022-25710

CONFIRM
qualcomm — apq8009_firmware Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-33239

CONFIRM
qualcomm — aqt1000_firmware Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 9.8 CVE-2022-33234

CONFIRM
qualcomm — aqt1000_firmware Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 7.5 CVE-2022-25741

CONFIRM
qualcomm — aqt1000_firmware Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-33237

CONFIRM
qualcomm — ar8031_firmware Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2022-11-15 9.8 CVE-2022-25674

CONFIRM
qualcomm — ar8031_firmware Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2022-11-15 9.8 CVE-2022-25727

CONFIRM
qualcomm — ar8031_firmware Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2022-11-15 7.5 CVE-2022-25742

CONFIRM
qualcomm — ar8035_firmware Denial of service in MODEM due to reachable assertion in Snapdragon Mobile 2022-11-15 7.5 CVE-2022-25671

CONFIRM
qualcomm — ar8035_firmware Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-33236

CONFIRM
qualcomm — ar9380_firmware Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-25667

CONFIRM
rconfig — rconfig An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-17 8.8 CVE-2022-44384

MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. 2022-11-14 8.8 CVE-2022-43288

MISC
seacms — seacms SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. 2022-11-16 9.8 CVE-2022-43256

MISC
silabs — emberznet Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. 2022-11-14 9.8 CVE-2022-24937

MISC

MISC
silabs — emberznet A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. 2022-11-14 7.5 CVE-2022-24938

MISC

MISC
simple_history_project — simple_history A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability. 2022-11-16 9.8 CVE-2022-4011

N/A

N/A

N/A
simple_image_gallery_web_app_project — simple_image_gallery_web_app A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through “id” parameter on the album page. 2022-11-17 8.8 CVE-2021-38819

MISC
siyucms — siyucms Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges 2022-11-14 7.2 CVE-2022-43030

MISC

MISC
sophos — mobile An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. 2022-11-16 9.8 CVE-2022-3980

CONFIRM
sports_club_management_system_project — sports_club_management_system A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213789 was assigned to this vulnerability. 2022-11-16 9.8 CVE-2022-4015

N/A

N/A
student_attendance_management_system_project — student_attendance_management_system A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability. 2022-11-17 7.2 CVE-2022-4052

MISC

MISC
tagdiv_composer_project — tagdiv_composer The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address 2022-11-14 9.8 CVE-2022-3477

CONFIRM
tasmota_project — tasmota Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. 2022-11-14 9.8 CVE-2022-43294

MISC

MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. 2022-11-15 9.8 CVE-2022-42058

MISC
tenda — ac1200_v-w15ev2_firmware In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter. 2022-11-15 7.8 CVE-2022-40847

MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. 2022-11-15 7.8 CVE-2022-41395

MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. 2022-11-15 7.8 CVE-2022-41396

MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. 2022-11-15 7.8 CVE-2022-42053

MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. 2022-11-15 7.5 CVE-2022-42060

MISC
thriveweb — wooswipe_woocommerce_gallery Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. 2022-11-17 8.8 CVE-2022-45066

CONFIRM
ultimatemember — ultimate_member A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. 2022-11-13 7.5 CVE-2022-3966

N/A

N/A

N/A
vestacp — control_panel A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply a patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability. 2022-11-13 7.8 CVE-2022-3967

N/A

N/A
wbce — wbce_cms A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716. 2022-11-15 7.5 CVE-2022-4006

MISC

MISC

MISC
wiesemann_&_theis — multiple_products

 
Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request. 2022-11-15 9.8 CVE-2022-42785

MISC
wordplus — better_messages Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. 2022-11-19 8.8 CVE-2022-41609

CONFIRM

CONFIRM
wowonder — wowonder WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. 2022-11-15 9.8 CVE-2022-42984

MISC

MISC
wowonder — wowonder WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. 2022-11-15 7.5 CVE-2022-40405

MISC
wpforms — wpforms_pro The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. 2022-11-14 9.8 CVE-2022-3574

CONFIRM
xiongmaitech — xm-jpr2-lx_firmware Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. 2022-11-14 7.5 CVE-2021-38827

MISC
xuxueli — xxl-job XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. 2022-11-17 8.8 CVE-2022-43183

MISC
zohocorp — manageengine_access_manager_plus Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. 2022-11-12 9.8 CVE-2022-43671

MISC
zohocorp — manageengine_access_manager_plus Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. 2022-11-12 9.8 CVE-2022-43672

MISC
zohocorp — manageengine_mobile_device_manager_plus In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. 2022-11-12 7.8 CVE-2022-41339

MISC
zohocorp — manageengine_supportcenter_plus Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. 2022-11-12 8.8 CVE-2022-40773

MISC

MISC

Back to top

Medium Vulnerabilities

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
activity_log_project — activity_log A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. 2022-11-11 5.3 CVE-2022-3941

N/A

N/A

N/A
amazon — opensearch OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-16 4.3 CVE-2022-41917

CONFIRM

MISC
anthologize_project — anthologize Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. 2022-11-17 4.8 CVE-2022-44591

CONFIRM
apache — airflow In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver’s `/login` endpoint. 2022-11-15 6.1 CVE-2022-45402

BUGTRAQ

CONFIRM

MLIST
apache — archiva Users with write permissions to a repository can delete arbitrary directories. 2022-11-15 4.3 CVE-2022-40309

CONFIRM

MLIST
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. 2022-11-16 6.1 CVE-2022-44002

MISC
benbodhi — svg_support The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL. 2022-11-16 5.4 CVE-2022-4022

MISC

MISC
bluecoral — chat_bubble The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message 2022-11-14 6.1 CVE-2022-3415

CONFIRM
booster — booster_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. 2022-11-18 4.3 CVE-2022-41805

CONFIRM
bruhn-newtech — cbrn-analysis CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. 2022-11-12 4.7 CVE-2022-45194

MISC
chameleon_project — chameleon Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. 2022-11-17 4.8 CVE-2022-44736

CONFIRM
cisco — adaptive_security_appliance A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. 2022-11-15 6.8 CVE-2022-20826

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20831

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20832

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20833

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20834

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20835

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20836

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20838

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20839

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20840

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20843

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20872

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20905

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20932

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20935

MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20936

MISC
concretecms — concrete_cms In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). 2022-11-14 6.5 CVE-2022-43686

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.3 CVE-2022-43690

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS – user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.1 CVE-2022-43692

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. 2022-11-14 6.1 CVE-2022-43694

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.1 CVE-2022-43967

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.1 CVE-2022-43968

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 5.4 CVE-2022-43687

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. 2022-11-14 5.3 CVE-2022-43689

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. 2022-11-14 5.3 CVE-2022-43691

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 4.8 CVE-2022-43688

MISC

MISC

MISC

MISC

MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 4.8 CVE-2022-43695

MISC

MISC

MISC

MISC

MISC
contiki-ng — contiki-ng Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the “develop” branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub. 2022-11-11 5.4 CVE-2022-41873

CONFIRM

MISC
cyberchimps — ifeature_slider Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. 2022-11-17 5.4 CVE-2022-45375

CONFIRM
digitialpixies — oauth_client The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. 2022-11-14 6.5 CVE-2022-3632

CONFIRM
digitialpixies — oauth_client The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2022-11-14 4.8 CVE-2022-3631

CONFIRM
discourse — calendar Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discourse_post_event_enabled` setting to fully mitigate the issue. Also, it’s possible to prevent regular users from using this vulnerability by removing all groups from the `discourse_post_event_allowed_on_groups` but note that moderators will still be able to use it. 2022-11-14 5.4 CVE-2022-41913

CONFIRM

MISC
discourse — discourse Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed. 2022-11-14 6.5 CVE-2022-39385

CONFIRM

MISC
drogon — drogon A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464. 2022-11-11 5.3 CVE-2022-3959

N/A

N/A

N/A

N/A
element — element Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. 2022-11-11 6.5 CVE-2022-41904

MISC

CONFIRM
emlog — emlog A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. 2022-11-13 6.1 CVE-2022-3968

N/A

N/A
eramba — eramba A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. 2022-11-14 5.4 CVE-2022-43342

MISC

MISC
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459. 2022-11-11 6.5 CVE-2022-3953

N/A

N/A

N/A
expresstech — quiz_and_survey_master Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 6.1 CVE-2022-40698

CONFIRM
eyoucms — eyoucms EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. 2022-11-14 6.5 CVE-2022-44389

MISC
eyoucms — eyoucms A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. 2022-11-14 5.4 CVE-2022-44390

MISC
feehi — feehicms A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. 2022-11-16 4.3 CVE-2022-4014

N/A
foru_cms_project — foru_cms A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. 2022-11-11 5.4 CVE-2022-3943

N/A

N/A
frappe — frappe A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The name of the patch is bfab7191543961c6cb77fe267063877c31b616ce. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213560. 2022-11-14 6.1 CVE-2022-3988

N/A

N/A

N/A
gnome — nautilus GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. 2022-11-14 5.5 CVE-2022-37290

MISC

MISC

MISC
gnuboard — gnuboard5 A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. 2022-11-12 5.4 CVE-2022-3963

N/A

N/A
gpac — gpac A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. 2022-11-11 6.5 CVE-2022-3957

N/A

N/A
guitar-pro — guitar_pro A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. 2022-11-16 6.1 CVE-2022-43263

MISC
hallowelt — bluespice Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). 2022-11-15 6.1 CVE-2022-3895

CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. 2022-11-15 5.4 CVE-2022-3958

CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. 2022-11-15 5.4 CVE-2022-41789

CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. 2022-11-15 5.4 CVE-2022-41814

CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. 2022-11-15 5.4 CVE-2022-42000

CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. 2022-11-15 5.4 CVE-2022-42001

CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. 2022-11-15 4.8 CVE-2022-3893

CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. 2022-11-15 4.8 CVE-2022-41611

CONFIRM
htmldoc_project — htmldoc A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. 2022-11-14 5.5 CVE-2022-0137

MISC

MISC
hustoj_project — hustoj Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. 2022-11-17 6.1 CVE-2022-42187

MISC
ibm — business_automation_workflow Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. 2022-11-17 5.4 CVE-2022-38390

MISC

MISC
ibm — cics_tx IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. 2022-11-14 6.1 CVE-2022-38705

MISC

MISC

MISC
ibm — cics_tx IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. 2022-11-14 5.4 CVE-2022-34315

MISC

MISC

MISC
ibm — cics_tx IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459. 2022-11-14 5.4 CVE-2022-34317

MISC

MISC

MISC
ibm — cics_tx IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452. 2022-11-14 5.3 CVE-2022-34316

MISC

MISC

MISC
ibm — cics_tx IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. 2022-11-14 5.3 CVE-2022-34329

MISC

MISC

MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. 2022-11-11 5.4 CVE-2022-36776

MISC

MISC
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688. 2022-11-15 5.4 CVE-2022-40753

MISC

MISC
ibm — mq IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. 2022-11-11 6.5 CVE-2022-31772

MISC

MISC
ibm — mq_internet_pass-thru IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. 2022-11-14 5.5 CVE-2022-35719

MISC

MISC
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including “Manage Security” permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. 2022-11-17 4.9 CVE-2022-40751

MISC

MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. 2022-11-11 5.4 CVE-2022-40750

MISC

MISC
ikus-soft — rdiffweb Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. 2022-11-16 4.3 CVE-2022-4018

MISC

CONFIRM
insyde — kernel DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 2022-11-14 6.4 CVE-2022-30773

MISC

MISC
insyde — kernel DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043 2022-11-15 6.4 CVE-2022-30774

MISC

MISC
insyde — kernel Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. “DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044 2022-11-15 6.4 CVE-2022-31243

MISC

MISC
insyde — kernel DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. 2022-11-14 6.4 CVE-2022-32266

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack… This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046 2022-11-15 6.4 CVE-2022-32267

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048 2022-11-15 6.4 CVE-2022-33906

MISC

MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack… DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049 2022-11-14 6.4 CVE-2022-33907

MISC

MISC
insyde — kernel DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367 2022-11-14 6.4 CVE-2022-33982

MISC

MISC
insyde — kernel DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056 2022-11-15 6.4 CVE-2022-33986

MISC

MISC
intel — active_management_technology Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2021-33159

MISC
intel — celeron_1000m_firmware Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.4 CVE-2022-21198

MISC
intel — core_i5-7640x_firmware Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-26006

MISC
intel — nuc_11_performance_kit_nuc11pahi30z_firmware Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-33176

MISC
intel — nuc_8_compute_element_cm8i7cb_firmware Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-35276

MISC
intel — nuc_8_mainstream-g_kit_nuc8i7inh_firmware Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2021-33164

MISC
intel — nuc_board_de3815tybe_firmware Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-34152

MISC
intel — nuc_board_nuc5i3mybe_firmware Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-36349

MISC
intel — nuc_kit_nuc8i7hnk_firmware Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-21794

MISC
intel — nuc_m15_laptop_kit_lapbc510_firmware Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-32569

MISC
intel — openvino Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. 2022-11-11 6.5 CVE-2021-26251

MISC
intel — proset/wireless_wifi Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access. 2022-11-11 6.5 CVE-2022-26047

MISC
intel — s2600wf_firmware Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-30542

MISC
intel — server_platform_services_firmware Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-29466

MISC
intel — server_platform_services_firmware Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-29515

MISC
intel — sgx_sdk Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 4.4 CVE-2022-27499

MISC
intel — support Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-30691

MISC
intel — support Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 4.4 CVE-2022-36367

MISC
intel — wi-fi_6e_ax411_firmware Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-11-11 6.5 CVE-2022-28667

MISC
jenkins — associated_files Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-11-15 5.4 CVE-2022-45401

CONFIRM
jenkins — bart Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. 2022-11-15 5.4 CVE-2022-45387

CONFIRM
jenkins — cluster_statistics A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. 2022-11-15 4.3 CVE-2022-45398

CONFIRM
jenkins — cluster_statistics A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. 2022-11-15 4.3 CVE-2022-45399

CONFIRM
jenkins — delete_log A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. 2022-11-15 4.3 CVE-2022-45394

CONFIRM
jenkins — junit Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-11-15 5.4 CVE-2022-45380

CONFIRM
jenkins — loader.io A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-11-15 4.3 CVE-2022-45390

CONFIRM
jenkins — naginator Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. 2022-11-15 5.4 CVE-2022-45382

CONFIRM
jenkins — ns-nd_integration_performance_publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. 2022-11-15 6.5 CVE-2022-45392

CONFIRM
jenkins — reverse_proxy_auth Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. 2022-11-15 6.5 CVE-2022-45384

CONFIRM
jenkins — support_core An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. 2022-11-15 6.5 CVE-2022-45383

CONFIRM
jenkins — violations Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 5.5 CVE-2022-45386

CONFIRM
jenkins — xp-dev A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. 2022-11-15 5.3 CVE-2022-45389

CONFIRM
karmasis — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modificate logs. 2022-11-16 5.3 CVE-2022-24036

CONFIRM
kavitareader — kavita Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. 2022-11-11 5.3 CVE-2022-3945

CONFIRM

MISC
keyfactor — kefactor_ejbca Keyfactor EJBCA before 7.10.0 allows XSS. 2022-11-17 5.4 CVE-2022-42954

CONFIRM
keyfactor — primekey_ejbca A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user. 2022-11-17 5.4 CVE-2022-39834

CONFIRM
liferay — digital_experience_platform The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. 2022-11-15 5.9 CVE-2022-42132

MISC

MISC

MISC
liferay — digital_experience_platform The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page. 2022-11-15 5.3 CVE-2022-42127

MISC

MISC

MISC
liferay — digital_experience_platform The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. 2022-11-15 5.3 CVE-2022-42128

MISC

MISC

MISC
liferay — digital_experience_platform Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module’s REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. 2022-11-15 4.8 CVE-2022-42131

MISC

MISC

MISC
liferay — digital_experience_platform The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. 2022-11-15 4.3 CVE-2022-42126

MISC

MISC

MISC
liferay — digital_experience_platform An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. 2022-11-15 4.3 CVE-2022-42129

MISC

MISC

MISC
liferay — digital_experience_platform The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. 2022-11-15 4.3 CVE-2022-42130

MISC

MISC

MISC
liferay — liferay_portal A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. 2022-11-15 6.1 CVE-2022-42110

MISC

MISC
liferay — liferay_portal A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. 2022-11-15 6.1 CVE-2022-42118

MISC

MISC

MISC
liferay — liferay_portal A Cross-site scripting (XSS) vulnerability in the Sharing module’s user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. 2022-11-15 5.4 CVE-2022-42111

MISC

MISC
liferay — liferay_portal Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. 2022-11-15 5.4 CVE-2022-42119

MISC

MISC

MISC
linux — linux_kernel An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. 2022-11-14 4.6 CVE-2022-3903

MISC

MISC
linuxfoundation — kubevela KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who’re using v1.6, please update the v1.6.1. Users who’re using v1.5, please update the v1.5.8. There are no known workarounds for this issue. 2022-11-16 6.5 CVE-2022-39383

CONFIRM

MISC
matrix — matrix_irc_bridge A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component. VDB-213550 is the identifier assigned to this vulnerability. 2022-11-13 5.6 CVE-2022-3971

N/A

N/A

N/A

N/A
metagauss — profilegrid The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-11-14 6.1 CVE-2022-3578

CONFIRM
nintex — workflow The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. 2022-11-14 6.1 CVE-2022-38167

MISC

MISC
nodebb — nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. 2022-11-13 4.3 CVE-2022-3978

N/A

N/A

N/A

N/A
nukeviet — nukeviet A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability. 2022-11-13 6.1 CVE-2022-3975

N/A

N/A

N/A
op5 — monitor OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). 2022-11-14 6.1 CVE-2021-40272

MISC
openkm — openkm A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548. 2022-11-13 5.5 CVE-2022-3969

N/A

N/A

N/A

N/A
password_storage_application_project — password_storage_application A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. 2022-11-17 6.1 CVE-2022-43142

MISC
permalink_manager_lite_project — permalink_manager_lite The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-11-16 4.3 CVE-2022-4021

MISC

MISC
phpservermonitor — php_server_monitor A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability. 2022-11-15 5.3 CVE-2021-4240

MISC

MISC

MISC
phpservermonitor — php_server_monitor A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744. 2022-11-15 5.3 CVE-2021-4241

MISC

MISC

MISC
publiccms — publiccms A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. 2022-11-11 6.1 CVE-2022-3950

N/A

N/A
qualcomm — aqt1000_firmware Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 5.5 CVE-2022-25676

CONFIRM
qualcomm — aqt1000_firmware Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 5.5 CVE-2022-25679

CONFIRM
resmush.it — resmush.it_image_optimizer The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. 2022-11-14 6.5 CVE-2022-2449

CONFIRM
resmush.it — resmush.it_image_optimizer The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. 2022-11-14 4.3 CVE-2022-2450

CONFIRM
sanitization_management_system_project — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. 2022-11-11 6.1 CVE-2022-3942

N/A

MISC
sanitization_management_system_project — sanitization_management_system A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571. 2022-11-14 6.1 CVE-2022-3992

N/A
scratch-wiki — scratch_login The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). 2022-11-17 4.8 CVE-2022-42985

MISC

MISC
simple_cashiering_system_project — simple_cashiering_system A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. 2022-11-11 6.1 CVE-2022-3949

N/A
simplex — simplex_chat SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. 2022-11-12 5.3 CVE-2022-45195

MISC

MISC

MISC

MISC
snakeyaml_project — snakeyaml Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. 2022-11-11 6.5 CVE-2022-41854

CONFIRM
student_attendance_management_system_project — student_attendance_management_system A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. 2022-11-17 4.8 CVE-2022-4053

MISC

MISC
tenda — ac1200_v-w15ev2_firmware The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they’re not explicitly authorized to have. 2022-11-15 6.5 CVE-2022-40845

MISC
tenda — ac1200_v-w15ev2_firmware In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. 2022-11-15 5.4 CVE-2022-40844

MISC
tenda — ac1200_v-w15ev2_firmware The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator’s user account. 2022-11-15 4.9 CVE-2022-40843

MISC
tenda — ac1200_v-w15ev2_firmware In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. 2022-11-15 4.8 CVE-2022-40846

MISC
themepoints — testimonials The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-11-14 4.8 CVE-2022-3539

CONFIRM
tibco — spotfire_server The Visualizations component of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0. 2022-11-15 5.4 CVE-2022-41558

CONFIRM

CONFIRM
tribalsystems — zenario Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. 2022-11-16 5.4 CVE-2022-44069

MISC
tribalsystems — zenario Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. 2022-11-16 5.4 CVE-2022-44070

MISC
tribalsystems — zenario Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. 2022-11-16 5.4 CVE-2022-44071

MISC
tribalsystems — zenario Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. 2022-11-16 5.4 CVE-2022-44073

MISC
webartesanal — mantenimiento_web Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. 2022-11-18 6.1 CVE-2022-38075

CONFIRM
webmaster_tools_verification_project — webmaster_tools_verification The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins 2022-11-14 6.5 CVE-2022-3538

CONFIRM
wondercms — wondercms A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. 2022-11-17 6.1 CVE-2022-43332

MISC
wp_attachments_project — wp_attachments The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2022-11-14 4.8 CVE-2022-3469

CONFIRM
wpb_show_core_project — wpb_show_core The WPB Show Core WordPress plugin through TODO does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-11-14 6.1 CVE-2022-3484

CONFIRM
wsgidav_project — wsgidav WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. 2022-11-11 6.1 CVE-2022-41905

MISC

CONFIRM
xiongmaitech — xm-jpr2-lx_firmware Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. 2022-11-14 5.3 CVE-2021-38828

MISC
xpdfreader — xpdf XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. 2022-11-14 5.5 CVE-2022-43295

MISC
yikesinc — custom_product_tabs_for_woocommerce Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. 2022-11-18 4.8 CVE-2022-43463

CONFIRM
zoneminder — zoneminder A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method. 2022-11-15 5.4 CVE-2022-30768

MISC

MISC
zoneminder — zoneminder Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. 2022-11-15 4.6 CVE-2022-30769

MISC

MISC

Back to top

Low Vulnerabilities

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
ibm — cics_tx IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. 2022-11-14 3.3 CVE-2022-34312

MISC

MISC

MISC
ibm — cics_tx IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. 2022-11-14 3.3 CVE-2022-34314

MISC

MISC

MISC
ibm — cics_tx IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. 2022-11-14 3.1 CVE-2022-34313

MISC

MISC

MISC
ibm — partner_engagement_manager IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. 2022-11-16 3.3 CVE-2022-34354

MISC

MISC
intel — wlan_authentication_and_privacy_infrastructure Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. 2022-11-11 3.3 CVE-2022-33973

MISC
jenkins — delete_log A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. 2022-11-15 3.5 CVE-2022-45393

CONFIRM
wp-polls_project — wp-polls Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. 2022-11-18 3.1 CVE-2022-40130

CONFIRM

CONFIRM
zoom — vdi_windows_meeting_clients The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. 2022-11-14 3.3 CVE-2022-28764

MISC

Back to top

Severity Not Yet Assigned

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
amasty — magneto_2_blog_pro

 
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response. 2022-11-17 not yet calculated CVE-2022-36432

MISC

apple — mdnsresponser.ece

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. 2022-11-17 not yet calculated CVE-2022-23748

MISC
bkg — professional_ntripcaster BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable. 2022-11-17 not yet calculated CVE-2022-42982

MISC

MISC
carel — boss_mini

 
Carel Boss Mini 1.5.0 has Improper Access Control. 2022-11-18 not yet calculated CVE-2022-34827

MISC

MISC
cbeust — cbeust

 
A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. 2022-11-19 not yet calculated CVE-2022-4065

N/A

N/A

N/A

cisco — firepower_management_center

A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. 2022-11-15 not yet calculated CVE-2022-20925

MISC

cisco — firepower_management_center

A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. 2022-11-15 not yet calculated CVE-2022-20926

MISC
cisco — firepower_management_center A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed. 2022-11-15 not yet calculated CVE-2022-20938

MISC
cisco — firepower_management_center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. 2022-11-15 not yet calculated CVE-2022-20941

MISC
cisco — firepower_threat_defense A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. 2022-11-15 not yet calculated CVE-2022-20940

MISC

cisco — firepower_threat_defense

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM”] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. 2022-11-15 not yet calculated CVE-2022-20946

MISC

cisco — firepower_threat_defense

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. 2022-11-15 not yet calculated CVE-2022-20949

MISC

cisco — firepower_threat_defense

A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition. 2022-11-15 not yet calculated CVE-2022-20950

MISC

cisco — multiple_products

A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed. 2022-11-15 not yet calculated CVE-2022-20918

MISC
cisco — multiple_products Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details [“#details”] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. 2022-11-15 not yet calculated CVE-2022-20922

MISC
cisco — multiple_products A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2022-11-15 not yet calculated CVE-2022-20924

MISC
cisco — multiple_products A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. 2022-11-15 not yet calculated CVE-2022-20927

MISC
cisco — multiple_products A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user. 2022-11-15 not yet calculated CVE-2022-20928

MISC
cisco — multiple_products A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. 2022-11-15 not yet calculated CVE-2022-20934

MISC
cisco — multiple_products Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details [“#details”] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. 2022-11-15 not yet calculated CVE-2022-20943

MISC

cisco — multiple_products

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU”] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. 2022-11-15 not yet calculated CVE-2022-20947

MISC
d-link — d-link

 
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 “login.asp” A. The window.location.href = http://192.168.1.1/setupWizard.asp” http://192.168.1.1/setupWizard.asp” ; “admin” – contains default username value “login.asp” B. While accessing the web interface, the login form at *Authorization Bypass – URL by “setupWizard.asp’ while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a “login_glag” and “login_status” checking browser and to read the admin user credentials for the web interface. 2022-11-17 not yet calculated CVE-2022-36785

MISC
d-link — d-link

 
DLINK – DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. 2022-11-17 not yet calculated CVE-2022-36786

MISC
d-link — dir3060 D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. 2022-11-18 not yet calculated CVE-2022-44204

MISC

MISC
dalli — dalli

 
A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability. 2022-11-19 not yet calculated CVE-2022-4064

MISC

MISC

MISC

MISC
davidmoreno — onion A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028. 2022-11-19 not yet calculated CVE-2022-4066

N/A

N/A

N/A
dedecms — dedecms An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. 2022-11-17 not yet calculated CVE-2022-43192

MISC
drachtio — drachtio_server In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. 2022-11-18 not yet calculated CVE-2022-45473

MISC
drachtio — drachtio_server drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. 2022-11-18 not yet calculated CVE-2022-45474

MISC
elastic — kibana An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. 2022-11-18 not yet calculated CVE-2021-22141

MISC

MISC
elastic — kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. 2022-11-18 not yet calculated CVE-2021-37936

MISC

MISC
elsight — halo_rce

 
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution. 2022-11-17 not yet calculated CVE-2022-36784

MISC
esri — arcgis_quick_capture_web_designer

 
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain. 2022-11-15 not yet calculated CVE-2022-38201

MISC
flarum — flarum

 
Flarum is an open source discussion platform. Flarum’s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. 2022-11-19 not yet calculated CVE-2022-41938

CONFIRM

MISC

MISC
free5gc — free5gc

 
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. 2022-11-18 not yet calculated CVE-2022-38871

MISC
freerdp — freerdp

 
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue. 2022-11-16 not yet calculated CVE-2022-39317

CONFIRM
freerdp — freerdp

 
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. 2022-11-16 not yet calculated CVE-2022-39320

CONFIRM
glpi_project — glpi_project

 
GLPI – Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) – The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker’s content back to the victim, the content is executed by the victim’s browser. 2022-11-17 not yet calculated CVE-2022-39181

MISC
google — android In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070References: N/A 2022-11-17 not yet calculated CVE-2022-20427

MISC
google — android In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555411References: N/A 2022-11-17 not yet calculated CVE-2022-20428

MISC
google — android In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239556260References: N/A 2022-11-17 not yet calculated CVE-2022-20459

MISC
google — android In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239557547References: N/A 2022-11-17 not yet calculated CVE-2022-20460

MISC
google — android In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A 2022-11-17 not yet calculated CVE-2022-42533

MISC
horner_automation — cscape 

 
Horner Automation’s Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read. 2022-11-15 not yet calculated CVE-2022-3377

MISC
hostel_searching_project — hostel_searching_project

 
A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844. 2022-11-17 not yet calculated CVE-2022-4051

MISC

MISC
imperva — equalweb_accessibility_widget EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. 2022-11-17 not yet calculated CVE-2022-42960

MISC
installbuilder — installbuilder

 
InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL. 2022-11-18 not yet calculated CVE-2022-31694

MISC

insyde — ahcibusdxe

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059 2022-11-15 not yet calculated CVE-2022-29276

MISC

MISC
insyde — fwblockservicesmm Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060 2022-11-15 not yet calculated CVE-2022-29277

MISC

MISC
insyde — multiple_products Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062 2022-11-15 not yet calculated CVE-2022-29279

MISC

MISC

insyde — nvmexpressdxe

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 2022-11-15 not yet calculated CVE-2022-29278

MISC

MISC

insyde — pnpsmm

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064 2022-11-15 not yet calculated CVE-2022-30771

MISC

MISC
insyde — pnpsmm Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065 2022-11-15 not yet calculated CVE-2022-30772

MISC

MISC
insyde — usbcoredxe In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058 2022-11-15 not yet calculated CVE-2022-29275

MISC

MISC
insyde — usbcoredxe In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in: Kernel 5.0: Version 05.09. 21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063 2022-11-15 not yet calculated CVE-2022-30283

MISC

MISC
intel — server_board_m50cyp_family Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. 2022-11-11 not yet calculated CVE-2022-25917

MISC
intelbras — sg_2404_mr INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. 2022-11-18 not yet calculated CVE-2022-43308

MISC

MISC
iobit — iotransfer

 
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. 2022-11-18 not yet calculated CVE-2022-37197

MISC
jetbrains — hub In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address 2022-11-18 not yet calculated CVE-2022-45471

MISC
karmasis_bilisim_cozumleri — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to obtain critical information. 2022-11-18 not yet calculated CVE-2022-24037

CONFIRM
karmasis_bilisim_cozumleri — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed. 2022-11-18 not yet calculated CVE-2022-24038

CONFIRM
knative — func knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. 2022-11-19 not yet calculated CVE-2022-41939

MISC

MISC

MISC

CONFIRM
lancet — lancet Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-17 not yet calculated CVE-2022-41920

MISC

MISC

MISC

CONFIRM
lief — lief A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. 2022-11-17 not yet calculated CVE-2022-43171

MISC
lightning_network_daemon — lightning_network_daemon

 
Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on chain transaction events will be undetected. This can cause loss of funds if a CSV expiry is researched during a breach attempt or a CLTV delta expires forgetting the funds in the HTLC. A patch is available in `lnd` version 0.15.4. Users are advised to upgrade. Users unable to upgrade may use the `lncli updatechanpolicy` RPC call to increase their CLTV value to a very high amount or increase their fee policies. This will prevent nodes from routing through your node, meaning that no pending HTLCs can be present. 2022-11-17 not yet calculated CVE-2022-39389

MISC

MISC

CONFIRM

MISC
linaro — automated_validation_architecture In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. 2022-11-18 not yet calculated CVE-2022-44641

MISC
linaro — automated_validation_architecture In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. 2022-11-18 not yet calculated CVE-2022-45132

MISC

MISC
manageengine — zoho_manageengine_admanager_plus Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. 2022-11-18 not yet calculated CVE-2022-42904

MISC
manageengine — zoho_manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. 2022-11-17 not yet calculated CVE-2022-42903

MISC
maradns — deadwood An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-19 not yet calculated CVE-2022-30256

MISC

MISC
media5_corporation — mediatrix Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. 2022-11-17 not yet calculated CVE-2022-43096

MISC

MISC
monikabrzica — scm A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. 2022-11-15 not yet calculated CVE-2022-3997

MISC

MISC
monikabrzica — scm

 
A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699. 2022-11-15 not yet calculated CVE-2022-3998

MISC

MISC
nvidia — cuda_toolkit_sdk

 
NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. 2022-11-19 not yet calculated CVE-2022-34667

MISC
nvidia — gpu_display_driver

 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. 2022-11-19 not yet calculated CVE-2022-31610

MISC
nvidia — gpu_display_driver

 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. 2022-11-19 not yet calculated CVE-2022-31612

MISC
nvidia — gpu_display_driver

 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. 2022-11-19 not yet calculated CVE-2022-31613

MISC
nvidia — gpu_display_driver

 
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. 2022-11-19 not yet calculated CVE-2022-31615

MISC
nvidia — gpu_display_driver

 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. 2022-11-19 not yet calculated CVE-2022-31616

MISC
nvidia — gpu_display_driver

 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. 2022-11-19 not yet calculated CVE-2022-31617

MISC
nvidia — gpu_display_driver

 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. 2022-11-19 not yet calculated CVE-2022-34665

MISC

nvidia — gpu_display_driver 

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. 2022-11-19 not yet calculated CVE-2022-31606

MISC

nvidia — gpu_display_driver 

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. 2022-11-19 not yet calculated CVE-2022-31607

MISC

nvidia — gpu_display_driver 

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 2022-11-19 not yet calculated CVE-2022-31608

MISC
nxp — multiple_products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) 2022-11-18 not yet calculated CVE-2022-45163

MISC

MISC
opc_foundation — local_discovery_server

 
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). 2022-11-17 not yet calculated CVE-2022-44725

MISC

MISC
pentagrid — seppmail The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address. 2022-11-18 not yet calculated CVE-2021-31739

MISC
proofpoint — enterprise_protection Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. 2022-11-17 not yet calculated CVE-2021-31608

MISC

red_lion_controls — crimson

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user’s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. 2022-11-17 not yet calculated CVE-2022-3090

MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42732

MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42733

MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42734

MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42891

MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42892

MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42893

MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration. 2022-11-17 not yet calculated CVE-2022-42894

MISC

silicon_labs — ember_znet

A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. 2022-11-18 not yet calculated CVE-2022-24939

MISC

MISC
silicon_labs — micrium_uc-http Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. 2022-11-15 not yet calculated CVE-2022-24942

MISC

MISC
synthesia — synthesia A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. 2022-11-17 not yet calculated CVE-2021-33897

MISC

MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. 2022-11-16 not yet calculated CVE-2022-43999

MISC

MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server. 2022-11-16 not yet calculated CVE-2022-44000

MISC

MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers’ e-mail addresses. Furthermore, it is possible to subscribe and verify other persons’ e-mail addresses to newsletters without their consent. 2022-11-16 not yet calculated CVE-2022-44005

MISC

MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation. 2022-11-16 not yet calculated CVE-2022-44007

MISC

MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. 2022-11-16 not yet calculated CVE-2022-44008

MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41895

CONFIRM

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41880

CONFIRM

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41883

MISC

MISC

CONFIRM

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41884

CONFIRM

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41885

MISC

CONFIRM

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41886

MISC

CONFIRM

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. 2022-11-18 not yet calculated CVE-2022-41887

MISC

CONFIRM

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41888

MISC

MISC

CONFIRM
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41889

CONFIRM

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41890

MISC

MISC

CONFIRM
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41891

MISC

MISC

CONFIRM
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41893

CONFIRM

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41894

MISC

MISC

CONFIRM
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41896

MISC

MISC

CONFIRM
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41897

MISC

CONFIRM

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41898

CONFIRM

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41899

CONFIRM

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. 2022-11-18 not yet calculated CVE-2022-41900

CONFIRM

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41901

MISC

CONFIRM

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41907

MISC

MISC

CONFIRM
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41908

MISC

MISC

CONFIRM
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41909

CONFIRM

MISC

MISC

MISC
tensorflow — tensorflow

 
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it’s data as a `const char*` array (since that’s the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41911

MISC

MISC

CONFIRM
veritas_support — netbackup The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. 2022-11-17 not yet calculated CVE-2022-45461

MISC
webvendome — internal_server

 
Webvendome – Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. 2022-11-17 not yet calculated CVE-2022-39178

MISC
webvendome — webvendome Webvendome – Webvendome SQL Injection. SQL Injection in the Parameter ” DocNumber” Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. 2022-11-17 not yet calculated CVE-2022-36787

MISC
windows — wire Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppDataRoamingWireIndexedDBhttps_app.wire.com_0.indexeddb.leveldb database. 2022-11-18 not yet calculated CVE-2022-43673

MISC

MISC
withsecure — withsecure

 
WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5). 2022-11-17 not yet calculated CVE-2022-38165

MISC

wordpress — wordpress

Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-11-17 not yet calculated CVE-2021-36905

CONFIRM

CONFIRM
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. 2022-11-17 not yet calculated CVE-2022-40694

CONFIRM
wordpress — wordpress Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. 2022-11-18 not yet calculated CVE-2022-40963

CONFIRM

CONFIRM
wordpress — wordpress Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. 2022-11-17 not yet calculated CVE-2022-41132

CONFIRM
wordpress — wordpress Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. 2022-11-18 not yet calculated CVE-2022-41135

CONFIRM
wordpress — wordpress Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. 2022-11-19 not yet calculated CVE-2022-41155

CONFIRM

CONFIRM
wordpress — wordpress Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. 2022-11-17 not yet calculated CVE-2022-41315

CONFIRM
wordpress — wordpress Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. 2022-11-18 not yet calculated CVE-2022-41615

CONFIRM

CONFIRM
wordpress — wordpress Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. 2022-11-18 not yet calculated CVE-2022-41618

CONFIRM

CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-41634

CONFIRM

CONFIRM
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. 2022-11-18 not yet calculated CVE-2022-41643

CONFIRM

CONFIRM
wordpress — wordpress Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 not yet calculated CVE-2022-41652

CONFIRM
wordpress — wordpress Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-41655

CONFIRM

CONFIRM
wordpress — wordpress Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter’s Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. 2022-11-18 not yet calculated CVE-2022-41685

CONFIRM

CONFIRM

CONFIRM

CONFIRM
wordpress — wordpress Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. 2022-11-18 not yet calculated CVE-2022-41692

CONFIRM
wordpress — wordpress Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. 2022-11-18 not yet calculated CVE-2022-41781

CONFIRM
wordpress — wordpress Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. 2022-11-18 not yet calculated CVE-2022-41788

CONFIRM

CONFIRM
wordpress — wordpress Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. 2022-11-17 not yet calculated CVE-2022-41791

CONFIRM
wordpress — wordpress Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. 2022-11-18 not yet calculated CVE-2022-41839

CONFIRM
wordpress — wordpress Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. 2022-11-18 not yet calculated CVE-2022-41840

CONFIRM
wordpress — wordpress Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-42459

CONFIRM

CONFIRM
wordpress — wordpress Broken Access Control vulnerability in miniOrange’s Google Authenticator plugin <= 5.6.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-42461

CONFIRM
wordpress — wordpress Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 not yet calculated CVE-2022-42497

CONFIRM

CONFIRM
wordpress — wordpress Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 not yet calculated CVE-2022-42698

CONFIRM

CONFIRM
wordpress — wordpress Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 not yet calculated CVE-2022-42883

CONFIRM
wordpress — wordpress Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. 2022-11-18 not yet calculated CVE-2022-43482

CONFIRM
wordpress — wordpress Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. 2022-11-18 not yet calculated CVE-2022-43492

CONFIRM

CONFIRM
wordpress — wordpress Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 not yet calculated CVE-2022-44583

CONFIRM

CONFIRM
wordpress — wordpress Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 not yet calculated CVE-2022-44584

CONFIRM

CONFIRM
wordpress — wordpress Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. 2022-11-18 not yet calculated CVE-2022-44634

CONFIRM

CONFIRM
wordpress — wordpress Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 not yet calculated CVE-2022-44740

CONFIRM

CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. 2022-11-17 not yet calculated CVE-2022-45071

CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. 2022-11-17 not yet calculated CVE-2022-45072

CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. 2022-11-18 not yet calculated CVE-2022-45073

CONFIRM
wordpress — wordpress Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. 2022-11-18 not yet calculated CVE-2022-45082

CONFIRM

CONFIRM
wordpress — wordpress Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. 2022-11-18 not yet calculated CVE-2022-45369

CONFIRM
wordpress — wordpress

 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress. 2022-11-17 not yet calculated CVE-2022-36357

CONFIRM
wordpress — wordpress

 
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). 2022-11-17 not yet calculated CVE-2022-38461

CONFIRM
wordpress — wordpress

 
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. 2022-11-18 not yet calculated CVE-2022-38974

CONFIRM
wordpress — wordpress

 
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. 2022-11-17 not yet calculated CVE-2022-40192

CONFIRM
wordpress — wordpress

 
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. 2022-11-17 not yet calculated CVE-2022-40200

CONFIRM

CONFIRM
wordpress — wordpress

 
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. 2022-11-18 not yet calculated CVE-2022-40216

CONFIRM

CONFIRM
xdg-email — xdg-email When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. 2022-11-19 not yet calculated CVE-2022-4055

MISC
xpdf — xpdf A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-11-15 not yet calculated CVE-2022-43071

MISC
zoom — client_for_meetings_installer The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. 2022-11-17 not yet calculated CVE-2022-28768

MISC
zoom — multiple_products Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. 2022-11-17 not yet calculated CVE-2022-28766

MISC
zoom — rooms_installer_for_windows

 
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. 2022-11-17 not yet calculated CVE-2022-36924

MISC
zulip — zulip Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected. 2022-11-16 not yet calculated CVE-2022-41914

CONFIRM

MISC

Back to top

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.