Vulnerability Summary for the Week of November 7, 2022

Original release date: November 14, 2022 | Last revised: November 15, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
accusoft — imagegear An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2022-11-09 7.8 CVE-2022-32588

MISC
acronis — cyber_protect_home_office Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. 2022-11-07 7.8 CVE-2022-44732

MISC
acronis — cyber_protect_home_office Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. 2022-11-07 7.8 CVE-2022-44733

MISC
acronis — cyber_protect_home_office Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 7.8 CVE-2022-44747

MISC
acronis — cyber_protect_home_office Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 7.3 CVE-2022-44744

MISC
activity_log_project — activity_log CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. 2022-11-08 9.8 CVE-2022-27858

CONFIRM

CONFIRM
addify — role_based_pricing_for_woocommerce The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog 2022-11-07 8.8 CVE-2022-3536

CONFIRM
addify — role_based_pricing_for_woocommerce The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP 2022-11-07 8.8 CVE-2022-3537

CONFIRM
analytify — analytify_-_google_analytics_dashboard Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. 2022-11-08 8.8 CVE-2022-38137

CONFIRM

CONFIRM
apache — commons_bcel Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. 2022-11-07 9.8 CVE-2022-42920

MISC

MLIST
apache — ivy With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the “zip”, “jar” or “war” packaging Ivy prior to 2.5.1 doesn’t verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse “upwards” using “..” sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1. 2022-11-07 9.1 CVE-2022-37865

CONFIRM
apache — ivy When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied “pattern” that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain “../” sequences – which are valid characters for Ivy coordinates in general – it is possible the artifacts are stored outside of Ivy’s local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing “..” sequences and a “normal” repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1. 2022-11-07 7.5 CVE-2022-37866

MISC
apache — pulsar The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow ‘issuer url’. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine ‘between’ the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions. 2022-11-04 8.1 CVE-2022-33684

MISC
arm — valhall_gpu_kernel_driver An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. 2022-11-08 8.8 CVE-2022-41757

MISC
azure — cyclecloud Azure CycleCloud Elevation of Privilege Vulnerability. 2022-11-09 7.5 CVE-2022-41085

MISC
azure — rtos_guix_studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41051

MISC
badgermeter — moni In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. 2022-11-07 7.5 CVE-2020-12509

MISC
bd — totalys_multiprocessor_firmware BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. 2022-11-04 7.8 CVE-2022-40263

CONFIRM
canteen_management_system_project — canteen_management_system Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. 2022-11-07 7.2 CVE-2022-43049

MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-09 7.2 CVE-2022-43277

MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. 2022-11-09 7.2 CVE-2022-43278

MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. 2022-11-09 7.2 CVE-2022-43290

MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. 2022-11-09 7.2 CVE-2022-43291

MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. 2022-11-09 7.2 CVE-2022-43292

MISC
cisco — asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. 2022-11-04 8.8 CVE-2022-20868

MISC
cisco — broadworks_commpilot_application A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} [“%7b%7bvalue%7d%7d”])}]] 2022-11-04 8.8 CVE-2022-20958

MISC
cisco — email_security_appliance A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated. 2022-11-04 7.5 CVE-2022-20960

MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx”] 2022-11-04 8.8 CVE-2022-20956

MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user. 2022-11-04 8.8 CVE-2022-20961

MISC
cisco — identity_services_engine A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. 2022-11-04 8.8 CVE-2022-20962

MISC
citrix — gateway Unauthorized access to Gateway user capabilities 2022-11-08 9.8 CVE-2022-27510

MISC
citrix — gateway User login brute force protection functionality bypass 2022-11-08 9.8 CVE-2022-27516

MISC
citrix — gateway Remote desktop takeover via phishing 2022-11-08 9.6 CVE-2022-27513

MISC
codection — import_and_export_users_and_customers The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. 2022-11-07 8 CVE-2022-3558

CONFIRM

CONFIRM
dedecms — dedecms DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. 2022-11-09 8.8 CVE-2022-43031

MISC

MISC
democritus — d8s-dates The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44052

MISC

MISC

MISC
democritus — d8s-networking The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44050

MISC

MISC

MISC
democritus — d8s-networking The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44053

MISC

MISC

MISC
democritus — d8s-python The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-43305

MISC

MISC

MISC
democritus — d8s-python The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44049

MISC

MISC

MISC
democritus — d8s-stats The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44051

MISC

MISC

MISC
democritus — d8s-strings The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-43303

MISC

MISC

MISC
democritus — d8s-timer The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-43304

MISC

MISC

MISC
democritus — d8s-timer The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. 2022-11-07 8.8 CVE-2022-43306

MISC

MISC

MISC
democritus — d8s-urls The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44048

MISC

MISC

MISC
democritus — d8s-xml The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44054

MISC

MISC

MISC
fastify — websocket @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions. 2022-11-08 7.5 CVE-2022-39386

CONFIRM
flowring — agentflow_bpm

 
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service. 2022-11-10 9.8 CVE-2022-39036

MISC

MISC
flowring — agentflow_bpm

 
Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2022-11-10 7.5 CVE-2022-39037

MISC

MISC
fluentforms — contact_form The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection 2022-11-07 9.8 CVE-2022-3463

CONFIRM
food_ordering_management_system_project — food_ordering_management_system Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. 2022-11-07 7.2 CVE-2022-42990

MISC
getshortcodes — shortcodes_ultimate Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin’s Shortcodes Ultimate plugin <= 5.12.0 on WordPress. 2022-11-08 8.8 CVE-2022-41136

CONFIRM

CONFIRM
gifdec_project — gifdec Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. 2022-11-07 7.8 CVE-2022-43359

MISC
gitlab — gitlab Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim’s account. 2022-11-10 9 CVE-2022-3726

MISC

CONFIRM

MISC
gitlab — gitlab Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab 2022-11-09 7.5 CVE-2022-3285

CONFIRM

MISC
google — android In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-243825200 2022-11-08 7.8 CVE-2021-1050

MISC
google — android In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-246824784 2022-11-08 7.8 CVE-2021-39661

MISC
google — android In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-238605611 2022-11-08 7.8 CVE-2022-20441

MISC
google — android In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-210065877 2022-11-08 7.8 CVE-2022-20450

MISC
google — android In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235098883 2022-11-08 7.8 CVE-2022-20451

MISC
google — android In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318 2022-11-08 7.8 CVE-2022-20452

MISC
google — android In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230356196 2022-11-08 7.8 CVE-2022-20462

MISC
google — android In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132. 2022-11-08 7.8 CVE-2022-32601

MISC
google — android Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. 2022-11-09 7.8 CVE-2022-39880

MISC
google — android Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. 2022-11-09 7.8 CVE-2022-39882

MISC
google — android Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. 2022-11-09 7.8 CVE-2022-39883

MISC
google — android In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-225876506 2022-11-08 7.5 CVE-2022-20445

MISC
google — chrome Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 2022-11-09 9.6 CVE-2022-3890

MISC

MISC
google — chrome Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3445

MISC

MISC
google — chrome Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3446

MISC

MISC
google — chrome Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3448

MISC

MISC
google — chrome Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3449

MISC

MISC
google — chrome Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3450

MISC

MISC
google — chrome Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3885

MISC

MISC
google — chrome Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3886

MISC

MISC
google — chrome Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3887

MISC

MISC
google — chrome Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3888

MISC

MISC
google — chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3889

MISC

MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds. 2022-11-08 8.1 CVE-2022-39328

CONFIRM
hcltech — domino HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. 2022-11-04 8.8 CVE-2022-38660

MISC
html2xhtml_project — html2xhtml html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file. 2022-11-08 8.1 CVE-2022-44311

MISC
huawei — emui The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. 2022-11-09 9.8 CVE-2022-44562

MISC

MISC
huawei — emui Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. 2022-11-08 7.5 CVE-2022-44556

MISC
huawei — harmonyos The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback. 2022-11-09 9.8 CVE-2021-46851

MISC

MISC
huawei — harmonyos The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-11-09 7.5 CVE-2021-46852

MISC

MISC
huawei — harmonyos The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. 2022-11-09 7.5 CVE-2022-44546

MISC

MISC
huawei — harmonyos The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. 2022-11-09 7.5 CVE-2022-44547

MISC

MISC
huawei — harmonyos The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality. 2022-11-09 7.5 CVE-2022-44549

MISC

MISC
huawei — harmonyos The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability. 2022-11-09 7.5 CVE-2022-44550

MISC

MISC
human_resource_management_system_project — human_resource_management_system Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. 2022-11-07 8.8 CVE-2022-43318

MISC
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 8.8 CVE-2022-28689

MISC

CONFIRM
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 8.8 CVE-2022-30543

CONFIRM

MISC
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. 2022-11-09 8.1 CVE-2022-29888

MISC

CONFIRM
jhead_project — jhead jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. 2022-11-04 7.8 CVE-2021-34055

MISC
linux — linux_kernel The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2022-11-04 7.5 CVE-2022-43945

MISC
mahara — mahara Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. 2022-11-06 9.8 CVE-2022-44544

MISC

MISC
mahara — mahara In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. 2022-11-06 7.5 CVE-2022-42707

MISC

MISC
maxonerp — maxon A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. 2022-11-07 9.8 CVE-2022-3878

MISC

MISC
mediatek — lr12a In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. 2022-11-08 7.5 CVE-2022-26446

MISC
mendix — saml A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration. 2022-11-08 9.8 CVE-2022-44457

MISC
microsoft — azure_iot_edge_for_linux Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. 2022-11-09 7 CVE-2022-38014

MISC
microsoft — azure_rtos_filex Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA. 2022-11-08 7.8 CVE-2022-39343

CONFIRM

MISC
microsoft — azure_rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states. 2022-11-04 9.8 CVE-2022-39344

CONFIRM
microsoft — dwm_core_library Microsoft DWM Core Library Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41096

MISC
microsoft — excel Microsoft Excel Security Feature Bypass Vulnerability. 2022-11-09 7.8 CVE-2022-41104

MISC
microsoft — excel Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41063. 2022-11-09 7.8 CVE-2022-41106

MISC
microsoft — exchange_server Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123. 2022-11-09 9.8 CVE-2022-41080

MISC
microsoft — exchange_server Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080. 2022-11-09 7.8 CVE-2022-41123

MISC
microsoft — exchange_server Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079. 2022-11-09 7.5 CVE-2022-41078

MISC
microsoft — exchange_server Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078. 2022-11-09 7.5 CVE-2022-41079

MISC
microsoft — microsoft_excel Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41106. 2022-11-09 7.8 CVE-2022-41063

MISC
microsoft — microsoft_wod Microsoft Word Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41061

MISC
microsoft — office Microsoft Office Graphics Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41107

MISC
microsoft — sharepoint

 
Microsoft SharePoint Server Remote Code Execution Vulnerability. 2022-11-09 8.8 CVE-2022-41062

MISC
microsoft — visual_studio_2017 Visual Studio Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41119

MISC
microsoft — windows_server_2008 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41048. 2022-11-09 8.8 CVE-2022-41047

MISC
microsoft — windows_server_2008 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047. 2022-11-09 8.8 CVE-2022-41048

MISC
microsoft — windows_server_2008 Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. 2022-11-09 8.8 CVE-2022-41128

MISC
microsoft — windows_server_2008 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. 2022-11-09 8.1 CVE-2022-37966

MISC
microsoft — windows_server_2008 Netlogon RPC Elevation of Privilege Vulnerability. 2022-11-09 8.1 CVE-2022-38023

MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088. 2022-11-09 8.1 CVE-2022-41039

MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41088. 2022-11-09 8.1 CVE-2022-41044

MISC
microsoft — windows_server_2008 Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41086. 2022-11-09 7.8 CVE-2022-37992

MISC
microsoft — windows_server_2008 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100. 2022-11-09 7.8 CVE-2022-41045

MISC
microsoft — windows_server_2008 Windows HTTP.sys Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41057

MISC
microsoft — windows_server_2008 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. 2022-11-09 7.5 CVE-2022-41056

MISC
microsoft — windows_server_2008 Windows Network Address Translation (NAT) Denial of Service Vulnerability. 2022-11-09 7.5 CVE-2022-41058

MISC
microsoft — windows_server_2008 Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128. 2022-11-09 7.5 CVE-2022-41118

MISC
microsoft — windows_server_2008 Windows Kerberos Elevation of Privilege Vulnerability. 2022-11-09 7.2 CVE-2022-37967

MISC
microsoft — windows_server_2012 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41125

MISC
microsoft — windows_sysmon Microsoft Windows Sysmon Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41120

MISC
n-prolog_project — n-prolog N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. 2022-11-08 7.5 CVE-2022-43343

MISC
nec — expresscluster_x_singleserversafe Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34822

MISC
nec — expresscluster_x_singleserversafe Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34823

MISC
nec — expresscluster_x_singleserversafe Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34824

MISC
nec — expresscluster_x_singleserversafe Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34825

MISC
netwrix — auditor Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITYSYSTEM user on affected systems, including on systems Netwrix Auditor monitors. 2022-11-08 9.8 CVE-2022-31199

MISC
objectfirst — object_first An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn’t produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in 1.0.13.1611. 2022-11-07 9.8 CVE-2022-44796

MISC
objectfirst — object_first An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn’t validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. 2022-11-07 8.8 CVE-2022-44794

MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. 2022-11-09 9.8 CVE-2022-43058

MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. 2022-11-07 7.2 CVE-2022-43051

MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. 2022-11-07 7.2 CVE-2022-43052

MISC
online_tours_and_travels_management_system_project — online_tours_and_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-07 7.2 CVE-2022-43050

MISC
openfga — openfga OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation. 2022-11-08 9.8 CVE-2022-39352

CONFIRM
opensuse — openldap2 A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. 2022-11-09 7.8 CVE-2022-31253

CONFIRM
opmc — woocommerce_dropshipping The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection 2022-11-07 9.8 CVE-2022-3481

CONFIRM
parseplatform — parse-server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds. 2022-11-10 9.8 CVE-2022-39396

CONFIRM
passwork — passwork The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. 2022-11-07 7.5 CVE-2022-42955

MISC

MISC
passwork — passwork The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. 2022-11-07 7.5 CVE-2022-42956

MISC

MISC
pattersondental — eaglesoft Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. 2022-11-07 7.8 CVE-2022-37710

MISC
phoenix_contact — fl_mguard_dm

 
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections. 2022-11-09 7.5 CVE-2021-34579

MISC
powercom_co_ltd — upsmon_pro UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data. 2022-11-10 7.5 CVE-2022-38122

MISC
powercom_co_ltd — upsmon_pro

 
UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service. 2022-11-10 9.8 CVE-2022-38119

MISC
pymatgen — pymatgen An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method 2022-11-09 7.5 CVE-2022-42964

MISC
python — python Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. 2022-11-07 7.8 CVE-2022-42919

MISC
python — python An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. 2022-11-09 7.5 CVE-2022-45061

MISC
python-poetry — cleo An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method 2022-11-09 7.5 CVE-2022-42966

MISC
qemu — qemu An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. 2022-11-07 8.6 CVE-2022-3872

MISC
really-simple-plugins — complianz The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. 2022-11-07 8.8 CVE-2022-3494

CONFIRM
roxyfileman — roxy_fileman Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) 2022-11-09 9.8 CVE-2022-40797

MISC

MISC

MISC
samsung — billing Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. 2022-11-09 7.5 CVE-2022-39890

MISC
samsung — exynos_firmware Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. 2022-11-09 9.1 CVE-2022-39881

MISC
samsung — pass Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. 2022-11-09 9.8 CVE-2022-39892

MISC
sanitization_management_system_project — sanitization_management_system A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. 2022-11-05 9.8 CVE-2022-3868

N/A

N/A
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. 2022-11-07 7.2 CVE-2022-43350

MISC
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. 2022-11-07 7.2 CVE-2022-43352

MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured. 2022-11-08 7.8 CVE-2022-41211

MISC

MISC
sap — businessobjects_business_intelligence In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. 2022-11-08 8.8 CVE-2022-41203

MISC

MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41669

MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41670

MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41671

MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session. 2022-11-08 8.8 CVE-2022-43398

MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. 2022-11-08 8.8 CVE-2022-43439

MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. 2022-11-08 8.8 CVE-2022-43545

MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. 2022-11-08 8.8 CVE-2022-43546

MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-39136

MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41660

MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41661

MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41662

MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41663

MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41664

MISC
siemens — parasolid A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745) 2022-11-08 7.8 CVE-2022-39157

MISC
siemens — parasolid A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854) 2022-11-08 7.8 CVE-2022-43397

MISC
siemens — qms_automotive A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users. 2022-11-08 9.1 CVE-2022-43958

MISC
simple_e-learning_system_project — simple_e-learning_system An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. 2022-11-07 7.5 CVE-2022-43319

MISC
slidervilla — testimonial_slider Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. 2022-11-08 8.8 CVE-2022-44741

CONFIRM

CONFIRM
snowflake — snowflake-connector-python An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method 2022-11-09 7.5 CVE-2022-42965

MISC
soflyy — wp_all_import The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. 2022-11-07 7.2 CVE-2022-2711

CONFIRM
soflyy — wp_all_import The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files 2022-11-07 7.2 CVE-2022-3418

CONFIRM
splunk — splunk In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. 2022-11-04 8.8 CVE-2022-43563

MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. 2022-11-04 8.8 CVE-2022-43565

MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. 2022-11-04 8.8 CVE-2022-43567

MISC

MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. 2022-11-04 8 CVE-2022-43566

MISC

MISC
symantec — endpoint_detection_and_response Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2022-11-08 9.8 CVE-2022-37015

MISC
trellix — intrusion_prevention_system_manager XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. 2022-11-04 7.2 CVE-2022-3340

CONFIRM
tuxera — ntfs-3g A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. 2022-11-06 7.8 CVE-2022-40284

MISC

MISC
varnish-software — varnish_cache_plus An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. 2022-11-09 7.5 CVE-2022-45060

MISC

MISC
varnish_cache_project — varnish_cache An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. 2022-11-09 7.5 CVE-2022-45059

MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. 2022-11-09 9.8 CVE-2022-31685

MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. 2022-11-09 9.8 CVE-2022-31686

MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. 2022-11-09 9.8 CVE-2022-31687

MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. 2022-11-09 9.8 CVE-2022-31689

MISC
wago — i/o-check_service In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. 2022-11-09 7.5 CVE-2021-34568

MISC
wago — i/o-check_service

 
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. 2022-11-09 9.8 CVE-2021-34569

MISC
wago — i/o-check_service

 
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. 2022-11-09 9.1 CVE-2021-34566

MISC
wago — i/o-check_service

 
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. 2022-11-09 8.2 CVE-2021-34567

MISC
wiesemann_&_theis — multiple_products Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage 2022-11-10 8 CVE-2022-42786

MISC
windows — advanced_local_procedure_call Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100. 2022-11-09 7.8 CVE-2022-41093

MISC
windows — advanced_local_procedure_call Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093. 2022-11-09 7.8 CVE-2022-41100

MISC
windows — bind_filter_driver Windows Bind Filter Driver Elevation of Privilege Vulnerability. 2022-11-09 7 CVE-2022-41114

MISC
windows — digital_media_receiver Windows Digital Media Receiver Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41095

MISC
windows — extensible_file_allocation_table Windows Extensible File Allocation Table Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41050

MISC
windows — graphics_component Windows Graphics Component Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41052

MISC
windows — kerberos Windows Kerberos Denial of Service Vulnerability. 2022-11-09 7.5 CVE-2022-41053

MISC
windows — overlay_filter Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41102. 2022-11-09 7.8 CVE-2022-41101

MISC
windows — overlay_filter Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41101. 2022-11-09 7.8 CVE-2022-41102

MISC
windows — point-to-point_tunneling_protocol

 
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044. 2022-11-09 8.1 CVE-2022-41088

MISC
windows — print_spooler Windows Print Spooler Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41073

MISC
windows — resilient_file_system Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41054

MISC
windows — win32 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41113

MISC
windows — win32k Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109. 2022-11-09 7.8 CVE-2022-41092

MISC
windows — win32k Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41092. 2022-11-09 7.8 CVE-2022-41109

MISC
wolfssl — wolfssl In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) 2022-11-07 9.1 CVE-2022-42905

MISC

MISC
xfce — xfce4-settings In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. 2022-11-09 9.8 CVE-2022-45062

MISC

MISC

MISC

MISC
xwiki — openid_connect XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider. With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make his user automatically part of the XWikiAdminGroup. This issue has been patched, please upgrade to 1.29.1. There is no workaround, an upgrade of the authenticator is required. 2022-11-04 7.5 CVE-2022-39387

MISC

CONFIRM

MISC

Back to top

Medium Vulnerabilities

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
5-anker — 5_anker_connect Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. 2022-11-08 4.8 CVE-2022-30545

CONFIRM

CONFIRM
acronis — cyber_protect_home_office Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 5.5 CVE-2022-44745

MISC
acronis — cyber_protect_home_office Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 5.5 CVE-2022-44746

MISC
addify — product_stock_manager The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options 2022-11-07 4.3 CVE-2022-3451

CONFIRM
aioseo — all_in_one_seo Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. 2022-11-08 6.5 CVE-2022-42494

CONFIRM

CONFIRM
algolplus — advanced_dynamic_pricing_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. 2022-11-09 4.3 CVE-2022-43488

CONFIRM

CONFIRM
algolplus — advanced_dynamic_pricing_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. 2022-11-08 4.3 CVE-2022-43491

CONFIRM

CONFIRM
algolplus — advanced_order_export Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. 2022-11-08 6.5 CVE-2022-40128

CONFIRM

CONFIRM
bluetooth — bluetooth_core_specification An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel. 2022-11-08 4.3 CVE-2020-35473

MISC

MISC
canteen_management_system_project — canteen_management_system A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-11-08 5.4 CVE-2022-43144

MISC

MISC

MISC
cisco — asyncos A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. 2022-11-04 6.5 CVE-2022-20867

MISC
cisco — asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. 2022-11-04 6.5 CVE-2022-20942

MISC
cisco — broadworks_messaging_server A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} [“%7b%7bvalue%7d%7d”])}]] 2022-11-04 6.5 CVE-2022-20951

MISC
cisco — email_security_appliance_firmware A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. 2022-11-04 5.3 CVE-2022-20772

MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device. 2022-11-04 5.4 CVE-2022-20963

MISC
cisco — identity_services_engine A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. 2022-11-04 5.3 CVE-2022-20937

MISC
cisco — umbrella A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2022-11-04 5.4 CVE-2022-20969

MISC
codeandmore — wp_page_widget Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. 2022-11-08 4.3 CVE-2022-32587

CONFIRM

CONFIRM
csphere — clansphere A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. 2022-11-09 6.1 CVE-2022-43119

MISC
diagrams — drawio Cross-site Scripting (XSS) – DOM in GitHub repository jgraph/drawio prior to 20.5.2. 2022-11-07 6.1 CVE-2022-3873

CONFIRM

MISC
diplib — diplib diplib v3.0.0 is vulnerable to Double Free. 2022-11-04 6.5 CVE-2021-39432

MISC

MISC
electronjs — electron The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn’t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on(‘will-redirect’)` event, for all WebContents as a workaround. 2022-11-08 6.1 CVE-2022-36077

CONFIRM
eyesofnetwork — web_interface EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. 2022-11-08 6.1 CVE-2022-41434

MISC
eyesofnetwork — web_interface EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. 2022-11-08 4.8 CVE-2022-41432

MISC
eyesofnetwork — web_interface EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. 2022-11-08 4.8 CVE-2022-41433

MISC
f-secure — safe WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5). 2022-11-07 6.5 CVE-2022-38164

MISC

MISC
fatcatapps — analytics_cat Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. 2022-11-08 4.3 CVE-2022-27855

CONFIRM

CONFIRM
feehi — feehicms FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. 2022-11-09 6.1 CVE-2022-43320

MISC
flatcore — flatcore-cms A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. 2022-11-09 6.1 CVE-2022-43118

MISC
food_ordering_management_system_project — food_ordering_management_system Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. 2022-11-07 4.8 CVE-2022-43046

MISC
froxlor — froxlor Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. 2022-11-05 6.1 CVE-2022-3869

CONFIRM

MISC
gitlab — gitlab An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. 2022-11-09 6.1 CVE-2022-3280

CONFIRM

MISC

MISC
gitlab — gitlab An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. 2022-11-09 6.1 CVE-2022-3486

MISC

MISC

CONFIRM
gitlab — gitlab A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. 2022-11-09 5.4 CVE-2022-3265

MISC

MISC

CONFIRM
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. 2022-11-09 5.4 CVE-2022-3483

MISC

MISC

CONFIRM
gitlab — gitlab An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don’t have access to. 2022-11-09 5.3 CVE-2022-2761

MISC

MISC

CONFIRM
gitlab — gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don’t have access to. 2022-11-10 5.3 CVE-2022-3793

CONFIRM

MISC
gitlab — gitlab An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. 2022-11-10 5.3 CVE-2022-3818

MISC

CONFIRM
gitlab — gitlab Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project’s Audit Events and Developers or Maintainers to view the group’s Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. 2022-11-10 4.3 CVE-2022-3413

MISC

CONFIRM
gitlab — gitlab Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn’t have access to that project. 2022-11-10 4.3 CVE-2022-3706

MISC

CONFIRM
gitlab — gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don’t have access to. 2022-11-10 4.3 CVE-2022-3819

CONFIRM

MISC
google — android In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. 2022-11-08 6.8 CVE-2022-32617

MISC
google — android In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454. 2022-11-08 6.8 CVE-2022-32618

MISC
google — android In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242096164 2022-11-08 6.7 CVE-2022-20454

MISC
google — android In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. 2022-11-08 6.7 CVE-2022-21778

MISC
google — android In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704. 2022-11-08 6.7 CVE-2022-32603

MISC
google — android In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. 2022-11-08 6.7 CVE-2022-32605

MISC
google — android In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. 2022-11-08 6.7 CVE-2022-32607

MISC
google — android In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373. 2022-11-08 6.7 CVE-2022-32611

MISC
google — android In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. 2022-11-08 6.7 CVE-2022-32614

MISC
google — android In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. 2022-11-08 6.7 CVE-2022-32615

MISC
google — android In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. 2022-11-08 6.7 CVE-2022-32616

MISC
google — android In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233604485 2022-11-08 6.5 CVE-2022-20447

MISC
google — android In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. 2022-11-08 6.4 CVE-2022-32608

MISC
google — android In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. 2022-11-08 6.4 CVE-2022-32609

MISC
google — android In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. 2022-11-08 6.4 CVE-2022-32610

MISC
google — android In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. 2022-11-08 6.4 CVE-2022-32612

MISC
google — android In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. 2022-11-08 6.4 CVE-2022-32613

MISC
google — android In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234441463 2022-11-08 5.5 CVE-2022-20414

MISC
google — android In multiple functions of many files, there is a possible obstruction of the user’s ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-236263294 2022-11-08 5.5 CVE-2022-20426

MISC
google — android In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-237540408 2022-11-08 5.5 CVE-2022-20448

MISC
google — android In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240685104 2022-11-08 5.5 CVE-2022-20453

MISC
google — android In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243924784 2022-11-08 5.5 CVE-2022-20457

MISC
google — android In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790. 2022-11-08 5.5 CVE-2022-32602

MISC
google — android In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036 2022-11-08 4.6 CVE-2022-20465

MISC
google — chrome Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) 2022-11-09 4.3 CVE-2022-3447

MISC

MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. 2022-11-09 5.3 CVE-2022-39307

CONFIRM
gvectors — wpforo_forum Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. 2022-11-08 5.4 CVE-2022-40632

CONFIRM

CONFIRM
gvectors — wpforo_forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. 2022-11-08 4.3 CVE-2022-40205

CONFIRM

CONFIRM
gvectors — wpforo_forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. 2022-11-08 4.3 CVE-2022-40206

CONFIRM

CONFIRM
hcltech — domino HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user’s person record. 2022-11-04 5.5 CVE-2022-38654

MISC
highlight_focus_project — highlight_focus The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-11-07 4.8 CVE-2022-3462

CONFIRM
hotelmanager_project — hotelmanager Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. 2022-11-04 5.4 CVE-2021-39473

MISC

MISC
huawei — harmonyos There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. 2022-11-09 5.9 CVE-2022-44563

MISC

MISC
huawei — harmonyos There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. 2022-11-09 4.3 CVE-2022-44548

MISC

MISC
human_resource_management_system_project — human_resource_management_system A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-11-07 6.1 CVE-2022-43317

MISC
infotel — tasklists tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) – Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds. 2022-11-10 6.1 CVE-2022-39398

CONFIRM

MISC
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 6.5 CVE-2022-26023

MISC

CONFIRM
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 6.5 CVE-2022-29481

CONFIRM

MISC
intelliants — subrion_cms A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. 2022-11-09 6.1 CVE-2022-43120

MISC
intelliants — subrion_cms A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. 2022-11-09 6.1 CVE-2022-43121

MISC
joomla — joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. 2022-11-08 6.1 CVE-2022-27914

MISC
kaden — picoflux_air_water_meter In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. 2022-11-09 6.5 CVE-2021-34577

MISC
lenovo — elan_miniport_touchpad_driver ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. 2022-11-07 4.7 CVE-2021-42205

MISC
mcafee — data_exchange_layer Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. 2022-11-07 5.5 CVE-2022-2188

MISC
microsoft — .net_framework .NET Framework Information Disclosure Vulnerability. 2022-11-09 5.8 CVE-2022-41064

MISC
microsoft — bitlocker BitLocker Security Feature Bypass Vulnerability. 2022-11-09 4.6 CVE-2022-41099

MISC
microsoft — dynamics_365_business_central Microsoft Business Central Information Disclosure Vulnerability. 2022-11-09 4.4 CVE-2022-41066

MISC
microsoft — microsoft_word Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103. 2022-11-09 5.5 CVE-2022-41060

MISC
microsoft — microsoft_word Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060. 2022-11-09 5.5 CVE-2022-41103

MISC
microsoft — network_policy_server_radius Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. 2022-11-09 6.5 CVE-2022-41097

MISC
microsoft — office Microsoft Excel Information Disclosure Vulnerability. 2022-11-09 5.5 CVE-2022-41105

MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Spoofing Vulnerability. 2022-11-09 6.5 CVE-2022-41122

MISC
microsoft — windows_10 Windows Hyper-V Denial of Service Vulnerability. 2022-11-09 6.5 CVE-2022-38015

MISC
microsoft — windows_server_2008 Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992. 2022-11-09 6.4 CVE-2022-41086

MISC
microsoft — windows_server_2019 Windows Human Interface Device Information Disclosure Vulnerability. 2022-11-09 5.5 CVE-2022-41055

MISC
net-snmp — net-snmp handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. 2022-11-07 6.5 CVE-2022-44792

MISC

MISC
net-snmp — net-snmp handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. 2022-11-07 6.5 CVE-2022-44793

MISC

MISC
objectfirst — object_first An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. 2022-11-07 6.5 CVE-2022-44795

MISC
openzeppelin — contracts OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization. 2022-11-04 5.6 CVE-2022-39384

MISC

CONFIRM
paloaltonetworks — cortex_xsoar A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. 2022-11-09 6.7 CVE-2022-0031

MISC
perfexcrm — perfex_crm perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. 2022-11-08 5.4 CVE-2021-40303

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. 2022-11-08 5.5 CVE-2022-44312

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44313

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44314

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44315

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. 2022-11-08 5.5 CVE-2022-44316

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44317

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44318

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44319

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44320

MISC

MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. 2022-11-08 5.5 CVE-2022-44321

MISC

MISC
powercom_co_ltd — upsmon_pro UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files. 2022-11-10 6.5 CVE-2022-38120

MISC
powercom_co_ltd — upsmon_pro UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators’ account names and passwords via this unprotected configuration file. 2022-11-10 6.5 CVE-2022-38121

MISC
rymera — advanced_coupons Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. 2022-11-08 4.3 CVE-2022-43481

CONFIRM

CONFIRM
samsung — editor_lite Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. 2022-11-09 5.5 CVE-2022-39891

MISC
sandhillsdev — easy_digital_downloads The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack 2022-11-07 4.3 CVE-2022-2387

CONFIRM
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. 2022-11-07 6.5 CVE-2022-43351

MISC
sap — biller_direct SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker’s choosing which can result in disclosure or modification of the victim’s information. 2022-11-08 6.1 CVE-2022-41207

MISC

MISC
sap — financial_consolidation Due to insufficient input validation, SAP Financial Consolidation – version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application. 2022-11-08 6.5 CVE-2022-41258

MISC

MISC
sap — financial_consolidation SAP Financial Consolidation – version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. 2022-11-08 6.1 CVE-2022-41260

MISC

MISC
sap — financial_consolidation Due to insufficient input validation, SAP Financial Consolidation – version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. 2022-11-08 5.4 CVE-2022-41208

MISC

MISC
sap — gui SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. 2022-11-08 6.1 CVE-2022-41205

MISC

MISC
sap — netweaver_application_server_abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application. 2022-11-08 6.5 CVE-2022-41214

MISC

MISC
sap — netweaver_application_server_abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. 2022-11-08 4.9 CVE-2022-41212

MISC

MISC
sap — netweaver_application_server_abap SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. 2022-11-08 4.7 CVE-2022-41215

MISC

MISC
sap — sql_anywhere SAP SQL Anywhere – version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. 2022-11-08 6.5 CVE-2022-41259

MISC

MISC
searchwp — searchwp Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. 2022-11-08 4.3 CVE-2022-40223

CONFIRM

CONFIRM
shopwind — shopwind Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. 2022-11-09 6.1 CVE-2022-43321

MISC

MISC
simple_video_embedder_project — simple_video_embedder Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao’s Simple Video Embedder plugin <= 2.2 on WordPress. 2022-11-09 5.4 CVE-2022-44590

CONFIRM

CONFIRM
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. 2022-11-04 6.5 CVE-2022-43564

MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. 2022-11-04 6.5 CVE-2022-43570

MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. 2022-11-04 6.5 CVE-2022-43572

MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. 2022-11-04 6.1 CVE-2022-43568

MISC

MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. 2022-11-04 5.4 CVE-2022-43562

MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. 2022-11-04 5.4 CVE-2022-43569

MISC

MISC
stiltsoft — handy_macros_for_confluence The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. 2022-11-04 5.4 CVE-2022-44724

MISC
systemd_project — systemd An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. 2022-11-08 5.5 CVE-2022-3821

MISC

MISC

MISC

MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window. 2022-11-09 6.1 CVE-2022-31688

MISC
watchdog — anti-virus Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. 2022-11-04 6.5 CVE-2022-38582

MISC
webartesanal — mantenimiento_web Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. 2022-11-08 4.8 CVE-2022-41980

CONFIRM

CONFIRM
weberge — wp_hide The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request 2022-11-07 5.3 CVE-2022-3489

CONFIRM
windows — gdi+ Windows GDI+ Information Disclosure Vulnerability. 2022-11-09 5.5 CVE-2022-41098

MISC
windows — mark_of_the_web_security_feature Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091. 2022-11-09 5.4 CVE-2022-41049

MISC
windows — mark_of_the_web_security_feature Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049. 2022-11-09 5.4 CVE-2022-41091

MISC
windows — point-to-point_tunneling_protocol Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116. 2022-11-09 5.9 CVE-2022-41090

MISC
windows — point-to-point_tunneling_protocol Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090. 2022-11-09 5.9 CVE-2022-41116

MISC
windows_and_linux — nvidia_gpu_display_driver NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. 2022-11-10 6.5 CVE-2022-34666

MISC
wpadvancedads — advanced_ads_-_ad_manager_&_adsense Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. 2022-11-08 4.8 CVE-2022-32776

CONFIRM

CONFIRM
zkteco — biotime ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. 2022-11-08 5.3 CVE-2022-30515

MISC

MISC
zohocorp — zoho_crm_lead_magnet Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. 2022-11-09 6.5 CVE-2022-41978

CONFIRM

CONFIRM
zte — zaip-aie There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. 2022-11-08 5.3 CVE-2022-39069

MISC

Back to top

Low Vulnerabilities

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
f-secure — safe WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 2 of 5). 2022-11-07 3.5 CVE-2022-38163

MISC

MISC
google — android In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-229793943 2022-11-08 3.3 CVE-2022-20446

MISC
google — android In factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231985227 2022-11-08 3.3 CVE-2022-20463

MISC
google — android Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. 2022-11-09 3.3 CVE-2022-39879

MISC
google — android Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. 2022-11-09 3.3 CVE-2022-39884

MISC
google — android Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. 2022-11-09 3.3 CVE-2022-39885

MISC
google — android Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. 2022-11-09 3.3 CVE-2022-39886

MISC
google — android Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. 2022-11-09 3.3 CVE-2022-39887

MISC
samsung — galaxy_buds_pro_manage Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. 2022-11-09 3.3 CVE-2022-39893

MISC
samsung — galaxywatch4plugin Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. 2022-11-09 3.3 CVE-2022-39889

MISC
siemens — simatic_wincc_runtime A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. 2022-11-08 3.5 CVE-2022-30694

MISC

Back to top

Severity Not Yet Assigned

Primary

Vendor — Product
Description Published CVSS Score Source & Patch Info
agentflow –bpm_enterprise_management_system Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service. 2022-11-10 not yet calculated CVE-2022-39038

MISC

MISC
amd — link_android Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. 2022-11-09 not yet calculated CVE-2022-27673

MISC
amd — multiple_products Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. 2022-11-09 not yet calculated CVE-2020-12930

MISC
amd — multiple_products Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. 2022-11-09 not yet calculated CVE-2020-12931

MISC
amd — multiple_products An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. 2022-11-09 not yet calculated CVE-2021-26360

MISC
amd — multiple_products Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. 2022-11-09 not yet calculated CVE-2021-26391

MISC
amd — multiple_products Insufficient verification of missing size check in ‘LoadModule’ may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. 2022-11-09 not yet calculated CVE-2021-26392

MISC
amd — multiple_products Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. 2022-11-09 not yet calculated CVE-2021-26393

MISC
amd — processors IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. 2022-11-09 not yet calculated CVE-2022-23824

MISC

MLIST
amd — μProf Insufficient validation of the IOCTL input buffer in AMD ?Prof may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. 2022-11-09 not yet calculated CVE-2022-23831

MISC
amd — μProf Insufficient validation in the IOCTL input/output buffer in AMD ?Prof may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. 2022-11-09 not yet calculated CVE-2022-27674

MISC

arches — arches

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it’s possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. 2022-11-11 not yet calculated CVE-2022-41892

CONFIRM
ayacms — ayacms AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-10 not yet calculated CVE-2022-43074

MISC
bmc_remedy — bmc_remedy An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the “number of recipients” field. NOTE: the vendor’s position is that “no real impact is demonstrated.” 2022-11-10 not yet calculated CVE-2022-26088

MISC
btcd — btcd btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. 2022-11-07 not yet calculated CVE-2022-44797

MISC

MISC

MISC

MISC
cbrn-analysis — cbrn-analysis CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. 2022-11-12 not yet calculated CVE-2022-45193

MISC
cbrn-analysis — cbrn-analysis CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. 2022-11-12 not yet calculated CVE-2022-45194

MISC

contiki-ng — contiki-ng

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the “develop” branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub. 2022-11-11 not yet calculated CVE-2022-41873

CONFIRM

MISC
deeplearning4j — deeplearning4j Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here. 2022-11-10 not yet calculated CVE-2022-36022

CONFIRM

MISC
dotcms — dotcms dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS’s path-based XSS prevention (such as “require login” filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS. 2022-11-10 not yet calculated CVE-2022-35740

MISC

MISC

drogon — drogon

A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464. 2022-11-11 not yet calculated CVE-2022-3959

N/A

N/A

N/A

N/A
eclipse — californium Eclipse Californium is a Java implementation of RFC7252 – Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don’t cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f 2022-11-10 not yet calculated CVE-2022-39368

CONFIRM

MISC

MISC

element_ios — element_ios

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. 2022-11-11 not yet calculated CVE-2022-41904

MISC

CONFIRM
eolinker — goku_lite A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3947

N/A

N/A

N/A
eolinker — goku_lite A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3948

N/A

N/A

N/A

espcms — espcms 

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. 2022-11-10 not yet calculated CVE-2022-44087

MISC

MISC

espcms — espcms 

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. 2022-11-10 not yet calculated CVE-2022-44088

MISC

MISC

espcms — espcms 

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. 2022-11-10 not yet calculated CVE-2022-44089

MISC

MISC
etic_telecom — remote_access_server All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. 2022-11-10 not yet calculated CVE-2022-3703

MISC
etic_telecom — remote_access_server All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. 2022-11-10 not yet calculated CVE-2022-40981

MISC
etic_telecom — remote_access_server All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. 2022-11-10 not yet calculated CVE-2022-41607

MISC
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459. 2022-11-11 not yet calculated CVE-2022-3953

N/A

N/A

N/A
fortbridge — plesk_obsidian Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names (“Obsidian”), not numbers. 2022-11-10 not yet calculated CVE-2022-45130

MISC
foru — cms A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3943

N/A

N/A

foxit — foxit_reader

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. 2022-11-09 not yet calculated CVE-2022-43310

MISC

MISC

MISC

gnuboard5 — gnuboard5

A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. 2022-11-12 not yet calculated CVE-2022-3963

N/A

N/A
go — vela Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker’s `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed. 2022-11-10 not yet calculated CVE-2022-39395

MISC

MISC

MISC

MISC

MISC

CONFIRM

MISC

MISC

MISC

MISC
gpac — gpac A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. 2022-11-11 not yet calculated CVE-2022-3957

N/A

N/A
grafana — grafana Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds. 2022-11-09 not yet calculated CVE-2022-39306

CONFIRM
graphql — graphql ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the “passwordHash” entry from “src/bundle/Resources/config/graphql/User.types.yaml” in the GraphQL package, and other properties like hash type, email, login if you prefer. 2022-11-10 not yet calculated CVE-2022-41876

CONFIRM

hashicorp — nomad_enterprise

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2. 2022-11-10 not yet calculated CVE-2022-3866

MISC

hashicorp — nomad_enterprise

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2. 2022-11-10 not yet calculated CVE-2022-3867

MISC
huawei — harmonyos The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. 2022-11-09 not yet calculated CVE-2022-44551

MISC

MISC
huawei — harmonyos The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. 2022-11-09 not yet calculated CVE-2022-44552

MISC

MISC
huawei — harmonyos The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. 2022-11-09 not yet calculated CVE-2022-44553

MISC

MISC
huawei — harmonyos The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. 2022-11-09 not yet calculated CVE-2022-44554

MISC

MISC
huawei — harmonyos The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. 2022-11-09 not yet calculated CVE-2022-44555

MISC

MISC
huawei — harmonyos The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. 2022-11-09 not yet calculated CVE-2022-44557

MISC

MISC
huawei — harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. 2022-11-09 not yet calculated CVE-2022-44558

MISC

MISC
huawei — harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. 2022-11-09 not yet calculated CVE-2022-44559

MISC

MISC
huawei — harmonyos The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. 2022-11-09 not yet calculated CVE-2022-44560

MISC

MISC
huawei — harmonyos The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. 2022-11-09 not yet calculated CVE-2022-44561

MISC

MISC

hyperledger — hyperledger_fabric

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. 2022-11-12 not yet calculated CVE-2022-45196

MISC

MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. 2022-11-11 not yet calculated CVE-2022-36776

MISC

MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. 2022-11-11 not yet calculated CVE-2022-38387

MISC

MISC
ibm — multiple_products IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. 2022-11-11 not yet calculated CVE-2022-31772

MISC

MISC
ibm — powervm_hypervisor After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. 2022-11-11 not yet calculated CVE-2022-34331

MISC

MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. 2022-11-11 not yet calculated CVE-2022-40750

MISC

MISC
inhand_networks– inrouter302 The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability. 2022-11-09 not yet calculated CVE-2022-25932

MISC

CONFIRM
intel — advanced_link_analyzer_pro Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-27638

MISC
intel — amt Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2021-33159

MISC
intel — amt Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-26845

MISC
intel — amt Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. 2022-11-11 not yet calculated CVE-2022-27497

MISC

intel — amt

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-29893

MISC

intel — dcm

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-33942

MISC
intel — distribution_of_openvino_toolkit Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. 2022-11-11 not yet calculated CVE-2021-26251

MISC
intel — ema Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-30297

MISC

intel — glorp

Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-30548

MISC
intel — hyperscan_library Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-29486

MISC
intel — multiple_products Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-21794

MISC
intel — multiple_products Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26024

MISC
intel — multiple_products Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26124

MISC
intel — multiple_products Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-26341

MISC

intel — multiple_products

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-33176

MISC
intel — multiple_products Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-34152

MISC
intel — multiple_products Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-36349

MISC

intel — multiple_products

Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36370

MISC
intel — multiple_products Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36789

MISC

intel — multiple_products

Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-37334

MISC

intel — nuc

Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-35276

MISC

intel — nuc_11_compute_elements

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-38099

MISC

intel — nuc_kit_wireless_adapter

Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36377

MISC
intel — nuc_kit_wireless_adapter Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36380

MISC
intel — nuc_kit_wireless_adapter Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36384

MISC
intel — nuc_kit_wireless_adapter Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36400

MISC
intel — nuc_kits Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-37345

MISC

intel — nuc_m15_laptop_kits

Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-32569

MISC
intel — nucs Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2021-33164

MISC
intel — presentmon Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26086

MISC
intel — processors Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-21198

MISC
intel — processors Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26006

MISC
intel — proset/wireless_wifi Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-11-11 not yet calculated CVE-2022-28667

MISC
intel — quartus_prime_pro XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 not yet calculated CVE-2022-27233

MISC
intel — quartus_prime_standard Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-27187

MISC
intel — sdp_tool Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 not yet calculated CVE-2022-26508

MISC
intel — server_board_m10jnp_family Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-11-10 not yet calculated CVE-2021-0185

MISC
intel — server_board_m50cyp_family Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. 2022-11-11 not yet calculated CVE-2022-25917

MISC

intel — server_systems

Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-30542

MISC
intel — sgx_sdk Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 not yet calculated CVE-2022-27499

MISC
intel — sps Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-29466

MISC

intel — sps_chipsets

Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-29515

MISC
intel — support_android_application Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-30691

MISC

intel — support_android_application

Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 not yet calculated CVE-2022-36367

MISC
intel — system_studio Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2021-33064

MISC
intel — vtune_profiler Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26028

MISC
intel — wapi Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. 2022-11-11 not yet calculated CVE-2022-33973

MISC
intel — xmm_7560_modem Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 not yet calculated CVE-2022-26045

MISC
intel — xmm_7560_modem Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26079

MISC
intel — xmm_7560_modem Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26367

MISC
intel — xmm_7560_modem Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-26369

MISC
intel — xmm_7560_modem Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-26513

MISC
intel — xmm_7560_modem Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-27639

MISC
intel — xmm_7560_modem Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 not yet calculated CVE-2022-27874

MISC
intel — xmm_7560_modem Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-28126

MISC
intel — xmm_7560_modem Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 not yet calculated CVE-2022-28611

MISC
intel — multiple_products

 
Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-26047

MISC

istio — istio

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds. 2022-11-10 not yet calculated CVE-2022-39388

CONFIRM

MISC

MISC

MISC

jerryhanjj — erp

A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. 2022-11-11 not yet calculated CVE-2022-3944

N/A

N/A

kareadita — kavita

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. 2022-11-11 not yet calculated CVE-2022-3945

CONFIRM

MISC

lanyulei — ferry

A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3939

N/A

lanyulei — ferry

A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. 2022-11-11 not yet calculated CVE-2022-3940

N/A

lin-cms — lin-cms 

An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. 2022-11-09 not yet calculated CVE-2022-44244

MISC

MISC
manageengine — mobile_device_manager_plus In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. 2022-11-12 not yet calculated CVE-2022-41339

MISC
manageengine — multiple_products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. 2022-11-12 not yet calculated CVE-2022-43671

MISC
manageengine — multiple_products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. 2022-11-12 not yet calculated CVE-2022-43672

MISC

manageengine — servicedesk_plus_msp

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. 2022-11-12 not yet calculated CVE-2022-40773

MISC

MISC

mitsubishi_electric — multiple_products

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric’s advisory which is listed in [References] section. 2022-11-08 not yet calculated CVE-2022-33321

MISC

MISC

mitsubishi_electric — multiple_products

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user’s browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric’s advisory which is listed in [References] section. 2022-11-08 not yet calculated CVE-2022-33322

MISC

MISC
mm-wki — mm-wki mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). 2022-11-10 not yet calculated CVE-2021-40289

MISC
netatalk — netatalk Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). 2022-11-12 not yet calculated CVE-2022-45188

MISC

MISC

MISC

MISC

nextcloud — desktop_client

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. “vbs”, is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused. 2022-11-11 not yet calculated CVE-2022-41882

MISC

CONFIRM

MISC

MISC
novell_products — multiple_products A Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. 2022-11-10 not yet calculated CVE-2022-43753

CONFIRM
novell_products — multiple_products An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. 2022-11-10 not yet calculated CVE-2022-43754

CONFIRM

opensearch — opensearch_notifications

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin’s intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. 2022-11-11 not yet calculated CVE-2022-41906

MISC

CONFIRM

MISC
owncloud — server The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. 2022-11-10 not yet calculated CVE-2022-43679

MISC
parse_server — parse_server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature. 2022-11-10 not yet calculated CVE-2022-41878

CONFIRM
parse_server — parse_server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds. 2022-11-10 not yet calculated CVE-2022-41879

CONFIRM
payara — payara Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. 2022-11-10 not yet calculated CVE-2022-45129

MISC

MISC

MISC

MISC

MISC
pi-star — pi-star_dv_dash Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. 2022-11-11 not yet calculated CVE-2022-45182

MISC

MISC

MISC

MISC

MISC

portofino — manydesigns

A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3952

N/A

N/A

N/A

N/A
prestashop — eu_cookie_law_gdpr_module The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). 2022-11-10 not yet calculated CVE-2022-44727

MISC

MISC

MISC
redex — redex DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. 2022-11-11 not yet calculated CVE-2022-36938

MISC

sandisk — multiple_products

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. 2022-11-09 not yet calculated CVE-2022-29836

MISC

sanluan — publiccms

A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. 2022-11-11 not yet calculated CVE-2022-3950

N/A

N/A
simplex — simplexmq SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. 2022-11-12 not yet calculated CVE-2022-45195

MISC

MISC

MISC

MISC
snakeyaml — snakeyaml Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. 2022-11-11 not yet calculated CVE-2022-41854

CONFIRM

sourcecodester — sanitization_management_system

A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3942

N/A
sourcecodester — simple_cashiering_system A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. 2022-11-11 not yet calculated CVE-2022-3949

N/A
suse — multiple_products An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. 2022-11-10 not yet calculated CVE-2022-31255

CONFIRM

sysstat — sa_common.c

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. 2022-11-08 not yet calculated CVE-2022-39377

CONFIRM

tauri — tauri

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json. 2022-11-10 not yet calculated CVE-2022-41874

CONFIRM

tholum — crm42

A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42classclass.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3955

N/A

N/A
tsruban — hhims A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3956

N/A

N/A
unmarshal — unmarshal Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. 2022-11-10 not yet calculated CVE-2022-41719

MISC

MISC

MISC
wasmtime — webassembly Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime’s default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator’s configuration would not create an appropriate virtual memory mapping for this meaning out of bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. This bug is not applicable with the default settings of the `wasmtime` crate. This bug can only be triggered by setting `InstanceLimits::memory_pages` to zero. This is expected to be a very rare configuration since this means that wasm modules cannot allocate any pages of linear memory. All wasm modules produced by all current toolchains are highly likely to use linear memory, so it’s expected to be unlikely that this configuration is set to zero by any production embedding of Wasmtime. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by increasing the `memory_pages` allotment when configuring the pooling allocator to a value greater than zero. If an embedding wishes to still prevent memory from actually being used then the `Store::limiter` method can be used to dynamically disallow growth of memory beyond 0 bytes large. Note that the default `memory_pages` value is greater than zero. 2022-11-10 not yet calculated CVE-2022-39392

CONFIRM

MISC
wasmtime — webassembly Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. 2022-11-10 not yet calculated CVE-2022-39393

MISC

CONFIRM
wasmtime — webassembly Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected. 2022-11-10 not yet calculated CVE-2022-39394

CONFIRM

MISC
wiesemann_&_theis — comserver Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. An unathenticated remote attacker can brute force the session id and gets access to an account on the the device. 2022-11-10 not yet calculated CVE-2022-42787

MISC
wordpress — wordpress A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. 2022-11-11 not yet calculated CVE-2022-3941

N/A

N/A

N/A
wordpress — wordpress Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. 2022-11-10 not yet calculated CVE-2022-42460

CONFIRM

CONFIRM

wsgidav — wsgidav

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. 2022-11-11 not yet calculated CVE-2022-41905

MISC

CONFIRM
xpdfreader — xpdfreader xpdfreader 4.03 is vulnerable to Buffer Overflow. 2022-11-10 not yet calculated CVE-2021-40226

MISC
xterm — xterm xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. 2022-11-10 not yet calculated CVE-2022-45063

MISC

MISC

MISC

MLIST

MLIST

Back to top

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.