
Vulnerability Summary for the Week of October 17, 2022

74cms — 74cmsse An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-17 9.8 CVE-2022-42154

MISC acer — altos_w2000h-w570h_f4_firmware Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable. 2022-10-19 9.8 CVE-2022-41415

MISC

MISC

MISC adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38450

MISC adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-42339

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35690

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35710

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35711

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35712

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. 2022-10-14 9.8 CVE-2022-38418

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38419

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38420

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38422

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42340

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42341

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38421

MISC adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38424

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38440

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38441

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38442

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38444

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38445

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38446

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38447

MISC adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38448

MISC aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 8.2 CVE-2022-1066

MISC aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 8.1 CVE-2022-1070

MISC aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 7.5 CVE-2022-26423

MISC anji-plus — report anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. 2022-10-17 8.8 CVE-2022-42983

MISC

MISC apache — dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. 2022-10-18 9.8 CVE-2022-39198

MISC asus — asusswitch AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. 2022-10-18 7.8 CVE-2022-36438

MISC

MISC atlassian — jira_align The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. 2022-10-14 8.8 CVE-2022-36803

MISC autodesk — autocad_plant_3d A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42936

MISC autodesk — autocad_plant_3d A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42937

MISC autodesk — autocad_plant_3d A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42938

MISC autodesk — autocad_plant_3d A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42939

MISC autodesk — autocad_plant_3d A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42940

MISC autodesk — autocad_plant_3d A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42941

MISC autodesk — autocad_plant_3d A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42942

MISC autodesk — design_review A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41306

MISC autodesk — fbx_software_development_kit An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41302

MISC autodesk — fbx_software_development_kit A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. 2022-10-14 7.8 CVE-2022-41303

MISC autodesk — fbx_software_development_kit An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. 2022-10-14 7.8 CVE-2022-41304

MISC autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41305

MISC autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41307

MISC autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41308

MISC avira — avira_security A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. 2022-10-17 8.8 CVE-2022-3368

MISC best_student_result_management_system_project — best_student_result_management_system Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. 2022-10-20 9.8 CVE-2022-42021

MISC billing_system_project — billing_system Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. 2022-10-17 7.2 CVE-2022-41498

MISC billing_system_project — billing_system An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-18 7.2 CVE-2022-41504

MISC boxbilling — boxbilling Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. 2022-10-17 7.2 CVE-2022-3552

CONFIRM

MISC canteen_management_system_project — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192. 2022-10-18 9.8 CVE-2022-3583

MISC

MISC canteen_management_system_project — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211193 was assigned to this vulnerability. 2022-10-18 8.8 CVE-2022-3584

MISC

MISC cashier_queuing_system_project — cashier_queuing_system A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file /queuing/login.php of the component Login Page. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability. 2022-10-18 8.8 CVE-2022-3579

MISC

MISC chamilo — chamilo Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to ‘big file uploads’ to copy/move files from anywhere in the file system into the web directory. 2022-10-17 8.8 CVE-2022-42029

MISC changingtec — rava_certificate_validation_system RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database. 2022-10-18 9.8 CVE-2022-39056

MISC changingtec — rava_certificate_validation_system RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. 2022-10-18 7.5 CVE-2022-39058

MISC changingtec — rava_certificate_validation_system RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. 2022-10-18 7.2 CVE-2022-39057

MISC codexpert — search_logger The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users 2022-10-17 7.2 CVE-2022-3131

MISC devexpress — asp.net_web_forms_controls The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. 2022-10-18 7.5 CVE-2022-41479

MISC djangoproject — django In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. 2022-10-16 7.5 CVE-2022-41323

MISC

MISC

CONFIRM

MISC dlink — dir-878_firmware D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. 2022-10-19 9.8 CVE-2022-43184

MISC

MISC dlink — dsl-2750b_firmware D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. 2022-10-19 9.8 CVE-2016-20017

MISC

MISC

MISC emlog — emlog Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. 2022-10-21 7.2 CVE-2022-42189

MISC eve-ng — eve-ng An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. 2022-10-20 7.2 CVE-2022-31366

MISC

MISC exim — exim A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. 2022-10-17 7.5 CVE-2022-3559

MISC

MISC

MISC eyoucms — eyoucms EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. 2022-10-18 8.8 CVE-2022-41500

MISC f5 — big-ip_access_policy_manager In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. 2022-10-19 7.5 CVE-2022-41624

MISC f5 — big-ip_advanced_firewall_manager In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. 2022-10-19 7.5 CVE-2022-41806

MISC f5 — big-ip_analytics In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. 2022-10-19 7.5 CVE-2022-36795

MISC f5 — big-ip_application_security_manager When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. 2022-10-19 7.5 CVE-2022-41691

MISC f5 — big-ip_application_security_manager In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. 2022-10-19 7.2 CVE-2022-41617

MISC f5 — big-ip_local_traffic_manager In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate. 2022-10-19 7.5 CVE-2022-41787

MISC f5 — nginx_plus NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module. 2022-10-19 7 CVE-2022-41743

MISC feishu — feishu Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. 2022-10-18 7.8 CVE-2021-3305

MISC

MISC

MISC

MISC fortinet — fortios A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. 2022-10-18 7.5 CVE-2022-29055

CONFIRM fortinet — fortiswitchmanager An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. 2022-10-18 9.8 CVE-2022-40684

CONFIRM

MISC fortinet — fortitester An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. 2022-10-18 9.8 CVE-2022-33872

CONFIRM fortinet — fortitester An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. 2022-10-18 9.8 CVE-2022-33873

CONFIRM fortinet — fortitester An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. 2022-10-18 9.8 CVE-2022-33874

CONFIRM fortinet — fortitester An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. 2022-10-18 9.8 CVE-2022-35846

CONFIRM fortinet — fortitester An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. 2022-10-18 7.2 CVE-2022-35844

CONFIRM fujielectric — d300win Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information. 2022-10-19 9.1 CVE-2022-1523

CONFIRM fujielectric — d300win Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory. 2022-10-19 7.5 CVE-2022-1738

CONFIRM get-simple — getsimple_cms GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. 2022-10-18 9.8 CVE-2022-41544

MISC gin-vue-admin_project — gin-vue-admin In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the “Compress Upload” functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. 2022-10-17 8 CVE-2022-32176

MISC

MISC git-scm — git Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. 2022-10-19 8.8 CVE-2022-39260

CONFIRM gitea — gitea Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. 2022-10-16 9.8 CVE-2022-42968

MISC

MISC github — enterprise_server A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program. 2022-10-19 8.8 CVE-2022-23734

CONFIRM

CONFIRM

CONFIRM

CONFIRM gitlab — gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint 2022-10-17 9.9 CVE-2022-2884

MISC

CONFIRM

MISC gitlab — gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. 2022-10-17 8.8 CVE-2022-2992

CONFIRM

MISC

MISC gitlab — gitlab An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. 2022-10-17 8 CVE-2022-2527

CONFIRM

MISC

MISC gitlab — gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. 2022-10-17 7.5 CVE-2022-2931

MISC

CONFIRM

MISC gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user’s password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. 2022-10-17 7.5 CVE-2022-3031

CONFIRM

MISC gitlab — gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. 2022-10-17 7.5 CVE-2022-3283

MISC

CONFIRM

MISC gitlab — gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage. 2022-10-21 7.5 CVE-2022-3639

MISC

CONFIRM gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. 2022-10-17 7.4 CVE-2022-2533

MISC

CONFIRM gitlab — gitlab A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests. 2022-10-17 7.3 CVE-2022-2428

CONFIRM

MISC

MISC gitlab — gitlab Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests. 2022-10-17 7.3 CVE-2022-3060

MISC

MISC

CONFIRM go-admin — go-admin go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. 2022-10-17 9.8 CVE-2022-42980

MISC golang — go Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. 2022-10-14 7.5 CVE-2022-2879

MISC

MISC

MISC

MISC

FEDORA golang — go Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. 2022-10-14 7.5 CVE-2022-2880

MISC

MISC

MISC

MISC

FEDORA golang — go Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. 2022-10-14 7.5 CVE-2022-41715

MISC

MISC

MISC

MISC

FEDORA golang — text An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. 2022-10-14 7.5 CVE-2022-32149

MISC

MISC

MISC

MISC google — android In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-2985

MISC google — android In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-38669

MISC google — android In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-38670

MISC google — android In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-38698

MISC google — android In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39080

MISC google — android In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39107

MISC google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39108

MISC google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39109

MISC google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39110

MISC google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39111

MISC google — drive An attacker can pre-create the `/Applications/Google Drive.app/Contents/MacOS` directory, which is expected to be owned by root, so that it is owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0. 2022-10-17 7.3 CVE-2022-3421

MISC gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. 2022-10-19 7.8 CVE-2022-43040

MISC gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c. 2022-10-19 7.8 CVE-2022-43042

MISC gradle — enterprise A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. 2022-10-21 7.5 CVE-2022-41575

MISC

MISC gxgroup — gpon_ont_titanium_2122a_firmware An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. 2022-10-17 9.8 CVE-2022-40055

MISC

MISC

MISC hiwin — robot_system_software HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition. 2022-10-17 7.5 CVE-2022-3382

MISC huawei — harmonyos The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. 2022-10-14 9.8 CVE-2022-38980

MISC huawei — harmonyos The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. 2022-10-14 9.8 CVE-2022-38982

MISC huawei — harmonyos The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution. 2022-10-14 9.8 CVE-2022-38983

MISC

MISC huawei — harmonyos The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. 2022-10-14 9.8 CVE-2022-41578

MISC

MISC huawei — harmonyos The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.8 CVE-2022-41580

MISC

MISC huawei — harmonyos The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.1 CVE-2021-46839

MISC

MISC huawei — harmonyos The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.1 CVE-2021-46840

MISC

MISC huawei — harmonyos The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. 2022-10-14 9.1 CVE-2022-38986

MISC

MISC huawei — harmonyos The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.1 CVE-2022-41581

MISC

MISC huawei — harmonyos The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 7.8 CVE-2022-41584

MISC

MISC huawei — harmonyos The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 7.8 CVE-2022-41585

MISC

MISC huawei — harmonyos The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. 2022-10-14 7.5 CVE-2022-38977

MISC huawei — harmonyos The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage. 2022-10-14 7.5 CVE-2022-38981

MISC huawei — harmonyos The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 7.5 CVE-2022-38984

MISC

MISC huawei — harmonyos The facial recognition module has a vulnerability in input validation. Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 7.5 CVE-2022-38985

MISC

MISC huawei — harmonyos The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 7.5 CVE-2022-38998

MISC

MISC huawei — harmonyos The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. 2022-10-14 7.5 CVE-2022-39011

MISC

MISC huawei — harmonyos The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability. 2022-10-14 7.5 CVE-2022-41582

MISC

MISC huawei — harmonyos The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module. 2022-10-14 7.5 CVE-2022-41583

MISC

MISC huawei — harmonyos The communication framework module has a vulnerability of not truncating data properly. Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 7.5 CVE-2022-41586

MISC

MISC huawei — harmonyos The home screen module has a vulnerability in service logic processing. Successful exploitation of this vulnerability may affect data integrity. 2022-10-14 7.5 CVE-2022-41588

MISC

MISC huawei — harmonyos The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful exploitation of this vulnerability affects system services and device availability. 2022-10-14 7.5 CVE-2022-41589

MISC

MISC ikea — tradfri_led1732g11_firmware An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2022-10-14 8.1 CVE-2022-39064

MISC ikus-soft — rdiffweb Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. 2022-10-20 9.8 CVE-2022-3327

MISC

CONFIRM iptime — nas1dual_firmware This vulnerability occurs in the user account creation and deletion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to create or delete user accounts, or to escalate arbitrary user privileges. 2022-10-17 8.8 CVE-2022-23771

MISC jasper_project — jasper A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. 2022-10-14 7.5 CVE-2022-2963

MISC

MISC

MISC jenkins — compuware_topaz_for_total_test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. 2022-10-19 7.5 CVE-2022-43429

CONFIRM

MLIST jenkins — compuware_topaz_for_total_test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-10-19 7.5 CVE-2022-43430

CONFIRM

MLIST jenkins — groovy A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43402

CONFIRM

MLIST jenkins — groovy_libraries A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43405

CONFIRM

MLIST jenkins — input_step Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the ‘input’ step, which is used for the URLs that process user interactions for the given ‘input’ step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from ‘input’ step IDs that would bypass the CSRF protection of any target URL in Jenkins when the ‘input’ step is interacted with. 2022-10-19 8.8 CVE-2022-43407

CONFIRM

MLIST jenkins — katalon Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands. 2022-10-19 8.8 CVE-2022-43416

CONFIRM

MLIST jenkins — mercurial Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. 2022-10-19 7.5 CVE-2022-43410

CONFIRM

MLIST jenkins — repo Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-10-19 7.5 CVE-2022-43415

CONFIRM

MLIST jenkins — script_security A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43403

CONFIRM

MLIST jenkins — script_security A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43404

CONFIRM

MLIST jenkins — script_security A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 8.8 CVE-2022-43401

CONFIRM

MLIST jhead_project — jhead Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. 2022-10-17 7.8 CVE-2022-41751

MISC

MISC

MISC jsonlint_project — jsonlint jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. 2022-10-19 7.5 CVE-2022-42227

MISC juniper — junos An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 2022-10-18 9.8 CVE-2022-22241

CONFIRM juniper — junos A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete system compromise. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 2022-10-18 8.8 CVE-2022-22246

CONFIRM juniper — junos On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. 2022-10-18 7.8 CVE-2022-22251

CONFIRM juniper — junos An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packet matching an established IPsec tunnel is received, the PFE crashes. This issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX4000 Series, and vSRX: All versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. 2022-10-18 7.5 CVE-2022-22201

CONFIRM juniper — junos On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. 2022-10-18 7.5 CVE-2022-22218

CONFIRM juniper — junos On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition. Continued receipt and processing of these packets will sustain the Denial of Service. This issue affects IPv4 and IPv6 packets. Packets of either type can cause and sustain the DoS event. These packets can be destined to the device or be transit packets. On devices such as the QFX10008 with line cards, line cards can be restarted to restore service. On devices such as the QFX10002 you can restart the PFE service, or reboot device to restore service. This issue affects: Juniper Networks Junos OS on QFX10000 Series: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S1. 
An indicator of compromise may be seen by issuing the command: request pfe execute target fpc0 command "show jspec pechip[3] registers ps l2_node 10" timeout 0 | refresh 1 | no-more and reviewing for backpressured output; for example: GOT: 0x220702a8 pe.ps.l2_node[10].pkt_cnt 00000076 GOT: 0x220702b4 pe.ps.l2_node[10].backpressured 00000002 <<<< STICKS HERE and requesting detail on the pepic wanio: request pfe execute target fpc0 command "show pepic 0 wanio-info" timeout 0 | no-more | match xe-0/0/0:2 GOT: 3 xe-0/0/0:2 10 6 3 0 1 10 189 10 0x6321b088 <<< LOOK HERE as well as looking for tail drops on the interface queue, for example: show interfaces queue xe-0/0/0:2 resulting in: Transmitted: Total-dropped packets: 1094137 0 pps << LOOK HERE 2022-10-18 7.5 CVE-2022-22223

CONFIRM juniper — junos An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker’s packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. 2022-10-18 7.5 CVE-2022-22228

CONFIRM juniper — junos An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. 2022-10-18 7.5 CVE-2022-22231

CONFIRM juniper — junos A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed the PFE will crash and restart. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. 2022-10-18 7.5 CVE-2022-22232

CONFIRM juniper — junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attackers control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1. 2022-10-18 7.5 CVE-2022-22235

CONFIRM juniper — junos An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. 2022-10-18 7.5 CVE-2022-22236

CONFIRM juniper — junos_os_evolved An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. 2022-10-18 8.8 CVE-2022-22239

CONFIRM juniper — junos_os_evolved An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this. This issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other platforms are affected. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S4-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 20.4R1-EVO. 2022-10-18 7.5 CVE-2022-22192

CONFIRM juniper — junos_os_evolved A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting. fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767 fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1 fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm(Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2) reported fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited] The FPC resources can be monitored using the following commands: user@router> start shell [vrf:none] user@router-re0:~$ cli -c "show platform application-info allocations app evo-aftmand-bt" | grep ^fpc | grep -v Route | grep -i -v Nexthop | awk '{total[$1] += $5} END { for (key in total) { print key " " total[key]/4294967296 }}' Once the FPCs become unreachable they must be manually restarted as they do not self-recover. 
This issue affects Juniper Networks Junos OS Evolved on PTX Series: All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO. 2022-10-18 7.5 CVE-2022-22211
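Two checks a practitioner would want for the condition described above, as an added Python example that is not part of the Juniper advisory: a syslog matcher for the failure chain (GUID exhaustion, ANOM_ABEND of evo-aftmand-bt, ungraceful FPC reboot) and a reimplementation of the awk arithmetic that turns the allocation table into a per-FPC fraction of the 2^32 GUID space. The sample log lines and the allocation table are constructed; the table's column layout (node in column 1, allocation count in column 5) is an assumption taken from the fields the advisory's awk reads, not Juniper's documented output format.

```python
# Added example (not from the Juniper advisory): detect the CVE-2022-22211
# failure chain in Junos OS Evolved syslog and compute per-FPC GUID-space
# utilisation the way the advisory's awk pipeline does.
import re
from collections import defaultdict

GUID_SPACE = 2 ** 32  # the advisory's awk divides the per-FPC total by 4294967296

# Message shapes taken from the syslog excerpt in the advisory.
RAN_OUT = re.compile(
    r'^(?P<node>\S+)\s+evo-aftmand-bt\[\d+\]: %USER-3: get_next_guid: '
    r'Ran out of Guid Space start (?P<start>\d+) end (?P<end>\d+)')
ABEND = re.compile(
    r'^(?P<node>\S+)\s+audit\[\d+\]: %AUTH-5: ANOM_ABEND .*comm="EvoAftManBt-mai"')
REBOOT = re.compile(
    r'^(?P<node>\S+)\s+sysepochman\[\d+\]: %USER-5-SYSTEM_REBOOT_EVENT: '
    r'.*\[evo-aftmand-bt exited\]')


def scan_syslog(lines):
    """Map each FPC node to the ordered failure events seen for it."""
    events = defaultdict(list)
    for line in lines:
        line = line.strip()
        m = RAN_OUT.match(line)
        if m:
            # size of the exhausted range; the advisory's values span 2^32
            span = int(m.group("end")) - int(m.group("start")) + 1
            events[m.group("node")].append(("guid_exhausted", span))
            continue
        if ABEND.match(line):
            events[line.split()[0]].append(("abend", None))
            continue
        if REBOOT.match(line):
            events[line.split()[0]].append(("reboot", None))
    return dict(events)


def guid_utilisation(alloc_output):
    """Same arithmetic as the advisory's pipeline: keep rows starting with
    'fpc', drop Route (case-sensitive, like grep -v) and Nexthop rows
    (case-insensitive, like grep -i -v), sum column 5 per node, divide by 2^32."""
    totals = defaultdict(int)
    for row in alloc_output.splitlines():
        if not row.startswith("fpc"):
            continue
        if "Route" in row or "nexthop" in row.lower():
            continue
        fields = row.split()
        if len(fields) >= 5 and fields[4].isdigit():
            totals[fields[0]] += int(fields[4])
    return {node: total / GUID_SPACE for node, total in totals.items()}


def nodes_at_risk(alloc_output, threshold=0.9):
    """FPCs whose GUID-space utilisation is at or above the threshold."""
    return sorted(n for n, u in guid_utilisation(alloc_output).items() if u >= threshold)


# Constructed sample input. The failure lines follow the advisory's excerpt
# (the first, benign line is made up); the allocation table layout is the
# assumption described in the lead-in, not Juniper's documented format.
SAMPLE_SYSLOG = [
    "fpc1 evo-aftmand-bt[17556]: %USER-6: periodic GUID audit complete",
    "fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767",
    'fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6',
    "fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited]",
]
SAMPLE_ALLOC = """\
Node  Application     Type     Size  Count
fpc0  evo-aftmand-bt  Route    1024  3000000000
fpc0  evo-aftmand-bt  Filter   2048  1073741824
fpc1  evo-aftmand-bt  Nexthop   512   400000000
fpc1  evo-aftmand-bt  Counter    64  3865470566
fpc1  evo-aftmand-bt  Filter     32   214748365
"""

if __name__ == "__main__":
    for node, ev in scan_syslog(SAMPLE_SYSLOG).items():
        print(node, ev)
    print(guid_utilisation(SAMPLE_ALLOC), nodes_at_risk(SAMPLE_ALLOC))
```

Run the utilisation check with a threshold well below the level at which the FPC asserts: because the FPCs do not self-recover, the value of the check is in catching the climb while the offending SNMP poller can still be rate-limited or blocked.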

CONFIRM juniper — junos_os_evolved An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO. 2022-10-18 7.5 CVE-2022-22247

CONFIRM juniper — junos_os_evolved An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user’s session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO. 2022-10-18 7.3 CVE-2022-22248

CONFIRM juniper — paragon_active_assurance_control_center An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with ‘WRITE’ permissions to store one or more malicious scripts that will infect any other authorized user’s account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1. 2022-10-18 8.4 CVE-2022-22229

CONFIRM keking — kkfileview kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller/OnlinePreviewController.java. 2022-10-17 9.8 CVE-2022-42149

MISC lavalite — lavalite In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 2022-10-18 7.5 CVE-2022-42188

MISC libtiff — libtiff Multiple heap buffer overflows in the tiffcrop utility (tiffcrop.c) of libtiff 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or other context-dependent impact. 2022-10-21 9.8 CVE-2022-3570

CONFIRM linux — linux_kernel An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. 2022-10-14 8.1 CVE-2022-41674

DEBIAN linux — linux_kernel A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. 2022-10-17 8 CVE-2022-3534

N/A linux — linux_kernel A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. 2022-10-17 8 CVE-2022-3564

MISC linux — linux_kernel A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the mISDN l1oip (ISDN layer 1 over IP) driver. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. 2022-10-17 8 CVE-2022-3565

MISC linux — linux_kernel A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the Sunplus (spl2sw) Ethernet driver. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability. 2022-10-17 7.8 CVE-2022-3541

N/A linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the Netronome NFP network driver. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. 2022-10-17 7.8 CVE-2022-3545

N/A linux — linux_kernel An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller (bigben) driver, in bigben_probe of drivers/hid/hid-bigbenff.c. The driver incorrectly assumes that all bigben devices have inputs; a malicious device can break this assumption, leading to an out-of-bounds write. This flaw allows a local user to crash the system or potentially escalate their privileges. 2022-10-20 7.8 CVE-2022-3577

MISC linux — linux_kernel Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. 2022-10-14 7.8 CVE-2022-42720

DEBIAN linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. 2022-10-16 7.5 CVE-2022-3524

MISC linux — linux_kernel A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024. 2022-10-16 7.5 CVE-2022-3526

MISC linux — linux_kernel A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function ipneigh_get of the file ip/ipneigh.c of the component iproute2 (the userspace ip utility, not kernel code). The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211025 was assigned to this vulnerability. 2022-10-16 7.5 CVE-2022-3527

MISC linux — linux_kernel A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2 (the userspace ip utility, not kernel code). The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability. 2022-10-16 7.5 CVE-2022-3528

MISC linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2 (the userspace bridge utility, not kernel code). The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027. 2022-10-16 7.5 CVE-2022-3529

MISC linux — linux_kernel A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function ipaddr_link_get of the file ip/ipaddress.c of the component iproute2 (the userspace ip utility, not kernel code). The manipulation leads to memory leak. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211028. 2022-10-16 7.5 CVE-2022-3530

MISC linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the Realtek r8152 USB Ethernet driver. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. 2022-10-18 7.5 CVE-2022-3594

N/A linux — linux_kernel A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. 2022-10-17 7.1 CVE-2022-3566

MISC linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. 2022-10-17 7.1 CVE-2022-3567

MISC linux — linux_kernel A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019. 2022-10-16 7 CVE-2022-3522

MISC magento — magento Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. 2022-10-20 8.8 CVE-2022-42344

MISC markdownify_project — markdownify Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the “nodeIntegration” option enabled. 2022-10-19 7.8 CVE-2022-41709

MISC megazone — reversewall-mds A remote code execution vulnerability exists in reverseWall-MDS due to insufficient user privilege verification. Remote attackers can exploit it to execute code and, for example, steal accounts. 2022-10-17 9.8 CVE-2022-23769

MISC merchandise_online_store_project — merchandise_online_store A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. 2022-10-17 9.8 CVE-2022-42237

MISC mikrotik — routeros The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later. 2022-10-15 9.8 CVE-2017-20149

MISC minimatch_project — minimatch A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. 2022-10-17 7.5 CVE-2022-3517

MISC mozilla — network_security_services A vulnerability was found in NSS: client authentication crashes when no user certificate is present in the database, which can lead to a segmentation fault (denial of service). 2022-10-14 7.5 CVE-2022-3479

MISC mvpower — tv-7104he_firmware MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the “JAWS webserver RCE” because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022. 2022-10-19 9.8 CVE-2016-20016

MISC netapp — clustered_data_ontap Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period. 2022-10-19 8.1 CVE-2022-23241

MISC netgear — r6220_firmware Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. 2022-10-17 8.8 CVE-2022-42221

MISC nopcommerce — nopcommerce An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer’s address via the addressedit endpoint. 2022-10-19 7.5 CVE-2022-33077

MISC ocomon_project — ocomon OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request, a user can obtain an account's real email address; sending the same request with the correct email then makes account takeover possible. 2022-10-19 7.5 CVE-2022-40798

MISC octopus — octopus_server In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. 2022-10-14 8.1 CVE-2022-2780

MISC online_birth_certificate_management_system_project — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). 2022-10-14 8.8 CVE-2022-42070

MISC online_tours_&_travels_management_system_project — online_tours_&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. 2022-10-14 7.2 CVE-2022-41416

MISC online_tours_&_travels_management_system_project — online_tours_&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-18 7.2 CVE-2022-41537

MISC online_tours_and_travels_management_system_project — online_tours_and_travels_management_system Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. 2022-10-17 7.2 CVE-2022-42142

MISC open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. 2022-10-14 7.2 CVE-2022-41535

MISC open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. 2022-10-14 7.2 CVE-2022-41536

MISC open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. 2022-10-17 7.2 CVE-2022-42143

MISC open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php. 2022-10-18 7.2 CVE-2022-42218

MISC opencats — opencats OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager’s ajax functionality. 2022-10-19 9.8 CVE-2022-43019

MISC openharmony — openharmony OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in the communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. 2022-10-14 8.8 CVE-2022-42463

MISC openharmony — openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. 2022-10-14 7.8 CVE-2022-42464

MISC openharmony — openharmony OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in the param service of the startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. 2022-10-14 7.8 CVE-2022-42488

MISC opensecurity — mobile_security_framework Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request. 2022-10-18 7.5 CVE-2022-41547

MISC oracle — access_manager Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2022-10-18 7.5 CVE-2022-39412

MISC oracle — bi_publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). 2022-10-18 7.6 CVE-2022-21590

MISC oracle — database Vulnerability in the Oracle Database – Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database – Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database – Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 7.2 CVE-2022-21596

MISC oracle — database_-_sharding Vulnerability in the Oracle Database – Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database – Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database – Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 7.2 CVE-2022-21603

MISC oracle — e-business_suite Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 9.8 CVE-2022-21587

MISC oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Data Quality accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L). 2022-10-18 8.8 CVE-2022-21613

MISC oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Data Quality accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2022-10-18 8.1 CVE-2022-21612

MISC oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2022-10-18 7.5 CVE-2022-21614

MISC oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N). 2022-10-18 7.4 CVE-2022-21615

MISC oracle — enterprise_manager_base_platform Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 2022-10-18 7.5 CVE-2022-21623

MISC oracle — graalvm Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 7.5 CVE-2022-21634

MISC oracle — http_server Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data as well as unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). 2022-10-18 7.1 CVE-2022-21593

MISC oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 7.2 CVE-2022-21600

MISC oracle — peoplesoft_enterprise_common_components Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2022-10-18 8.1 CVE-2022-39406

oracle — siebel_core_-_db_deployment_and_configuration_accessible_data Vulnerability in the Siebel Core – DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core – DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Core – DB Deployment and Configuration accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 2022-10-18 7.5 CVE-2022-21598 MISC

oracle — soa_suite Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 2022-10-18 7.5 CVE-2022-21622 MISC

oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 2022-10-18 8.8 CVE-2022-39427 MISC

oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 8.1 CVE-2022-39424 MISC

oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 8.1 CVE-2022-39425 MISC

oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 8.1 CVE-2022-39426 MISC

oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 2022-10-18 7.5 CVE-2022-21620 MISC

oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 2022-10-18 7.5 CVE-2022-39422 MISC

oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 2022-10-18 7.3 CVE-2022-39421 MISC

oracle — web_applications_desktop_integrator Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 9.8 CVE-2022-39428 MISC

oringnet — iap-420+_firmware On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot. 2022-10-21 8.8 CVE-2022-3203 CONFIRM

osgeo — shapelib A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. 2022-10-17 9.8 CVE-2022-0699 MISC MISC

otrs — otrs Article template contents with sensitive data could be accessed by agents without permissions. 2022-10-17 7.5 CVE-2022-3501 MISC

oxhoo — tp50_firmware An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. 2022-10-14 9.1 CVE-2022-41436 MISC

pctechsoft — pcsecure In PCTechSoft PCSecure V5.0.8.xw, use of hard-coded credentials in configuration files leads to admin panel access. 2022-10-20 7.8 CVE-2022-42176 MISC

perfact — openvpn-client An attacker can leverage PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user. 2022-10-14 8.8 CVE-2021-27406 CONFIRM

phoenixframework — phoenix socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. 2022-10-17 7.5 CVE-2022-42975 MISC

phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. 2022-10-19 8.4 CVE-2022-3608 CONFIRM MISC

phpok — phpok Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. 2022-10-18 9.8 CVE-2022-40889 MISC MISC

pytest — py The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. 2022-10-16 7.5 CVE-2022-42969 MISC MISC MISC

qualcomm — apq8009_firmware Memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-10-19 9.8 CVE-2022-25687 CONFIRM

qualcomm — apq8009_firmware Cryptographic issue in WLAN due to improper check on return value during authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 9.8 CVE-2022-25718 CONFIRM

qualcomm — apq8009_firmware Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-10-19 9.8 CVE-2022-25720 CONFIRM

qualcomm — apq8009_firmware Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 9.8 CVE-2022-25748 CONFIRM

qualcomm — apq8009_firmware Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 9.1 CVE-2022-25719 CONFIRM

qualcomm — apq8009_firmware Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 7.5 CVE-2022-25749 CONFIRM

qualcomm — apq8064au_firmware Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value in Snapdragon Auto 2022-10-19 7.8 CVE-2022-33210 CONFIRM

qualcomm — apq8096au_firmware Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-10-19 7.5 CVE-2022-25662 CONFIRM

qualcomm — aqt1000_firmware Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-10-19 7.8 CVE-2022-25660 CONFIRM

qualcomm — aqt1000_firmware Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-10-19 7.8 CVE-2022-25661 CONFIRM

qualcomm — aqt1000_firmware Denial of service in WLAN due to out-of-bound read while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 7.5 CVE-2022-25736 CONFIRM

qualcomm — aqt1000_firmware Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile 2022-10-19 7.1 CVE-2022-25665 CONFIRM

qualcomm — aqt1000_firmware Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-10-19 7 CVE-2022-33214 CONFIRM

qualcomm — kailua_firmware Memory corruption in BTHOST due to double free during music playback and calls over bluetooth headset in Snapdragon Mobile 2022-10-19 8.8 CVE-2022-25750 CONFIRM

qualcomm — sd_8_gen1_5g_firmware Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile 2022-10-19 7.8 CVE-2022-22077 CONFIRM

qualcomm — sd_8_gen1_5g_firmware Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile 2022-10-19 7.8 CVE-2022-25723 CONFIRM

qualcomm — sd_8_gen1_5g_firmware Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel in Snapdragon Mobile 2022-10-19 7.8 CVE-2022-33217 CONFIRM

redhat — 3scale_api_management 3scale API Management 2 does not perform adequate sanitization of user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. 2022-10-19 8.8 CVE-2022-1414 MISC MISC

redhat — decision_manager A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. 2022-10-17 8.8 CVE-2019-14841 MISC MISC

redhat — decision_manager A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. 2022-10-17 7.5 CVE-2019-14840 MISC MISC

redhat — openshift The deployment script in the unsupported “OpenShift Extras” set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user’s authorized_keys file. 2022-10-19 7.5 CVE-2013-4253 MISC MISC

rockwellautomation — factorytalk_vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server. 2022-10-17 8.8 CVE-2022-3158 MISC

rockwellautomation — factorytalk_vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. 2022-10-17 8.8 CVE-2022-38743 MISC

sanitization_management_system_project — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. 2022-10-14 9.8 CVE-2022-3504 N/A N/A

shinken-monitoring — shinken_monitoring Shinken Solutions Shinken Monitoring Version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. 2022-10-20 9.8 CVE-2022-37298 MISC MISC

siemens — teamcenter_visualization The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. 2022-10-20 7.8 CVE-2022-2069 CONFIRM CONFIRM

simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. 2022-10-17 7.2 CVE-2022-3549 N/A N/A

simple_cold_storage_management_system_project — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. 2022-10-14 7.2 CVE-2022-42232 MISC

simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. 2022-10-20 8.8 CVE-2022-42198 MISC MISC

simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. 2022-10-20 8.8 CVE-2022-42199 MISC MISC MISC

simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system Simple Exam Reviewer Management System v1.0 is vulnerable to insecure file upload. 2022-10-20 7.2 CVE-2022-42201 MISC MISC

smackcoders — an_ultimate_wordpress_importer_cum_migration_as_csv_&_xml The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them in SQL statements, leading to SQL injection exploitable by high privilege users such as admin 2022-10-17 7.2 CVE-2022-3243 MISC

solarwinds — orion_platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. 2022-10-20 8.8 CVE-2022-36958 MISC MISC

solarwinds — orion_platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2022-10-20 7.2 CVE-2022-36957 MISC MISC

solarwinds — orion_platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2022-10-20 7.2 CVE-2022-38108 MISC MISC

synacor — zimbra_collaboration_suite Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the ‘zimbra’ user can effectively coerce postfix into running arbitrary commands as ‘root’. 2022-10-17 7.8 CVE-2022-3569 MISC MISC MISC

synology — diskstation_manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 9.8 CVE-2022-27624 CONFIRM

synology — diskstation_manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 9.8 CVE-2022-27625 CONFIRM

synology — diskstation_manager A vulnerability regarding concurrent execution using shared resource with improper synchronization (‘Race Condition’) is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 8.1 CVE-2022-27626 CONFIRM

synology — diskstation_manager A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 7.5 CVE-2022-3576 CONFIRM

tableau — tableau_server Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. 2022-10-17 9.8 CVE-2022-22128 MISC MISC

tenda — 11n_firmware Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. 2022-10-20 9.8 CVE-2022-42233 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. 2022-10-17 9.8 CVE-2022-42163 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. 2022-10-17 9.8 CVE-2022-42164 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. 2022-10-17 9.8 CVE-2022-42165 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. 2022-10-17 9.8 CVE-2022-42166 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. 2022-10-17 9.8 CVE-2022-42167 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. 2022-10-17 9.8 CVE-2022-42168 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. 2022-10-17 9.8 CVE-2022-42169 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. 2022-10-17 9.8 CVE-2022-42170 MISC

tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. 2022-10-17 9.8 CVE-2022-42171 MISC

tenda — ac15_firmware Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. 2022-10-18 7.5 CVE-2022-43259 MISC

tenda — ac18_firmware Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function. 2022-10-18 9.8 CVE-2022-43260 MISC

tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. 2022-10-19 9.8 CVE-2022-43024 MISC

tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg. 2022-10-19 9.8 CVE-2022-43025 MISC

tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg. 2022-10-19 9.8 CVE-2022-43026 MISC

tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg. 2022-10-19 9.8 CVE-2022-43027 MISC

tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg. 2022-10-19 9.8 CVE-2022-43028 MISC

tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. 2022-10-19 9.8 CVE-2022-43029 MISC

thoughtworks — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 8.8 CVE-2022-39311 CONFIRM MISC MISC

tp-link — ax10_firmware TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. 2022-10-18 8.1 CVE-2022-41541 MISC MISC

trumpf — job_order_interface Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system. 2022-10-17 9.8 CVE-2022-2052 CONFIRM

ucms_project — ucms There is a file inclusion vulnerability in the template management module in UCMS 1.6 2022-10-14 8.8 CVE-2022-42234 MISC

uglifyjs_project — uglifyjs Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. 2022-10-20 9.8 CVE-2022-37598 MISC MISC MISC

verint — desktop_and_process_analytics The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair. 2022-10-20 7.8 CVE-2020-12744 MISC MISC

villatheme — dropshipping_and_fulfillment_for_aliexpress_and_woocommerce Sensitive Data Exposure in Villatheme ALD – AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. 2022-10-14 7.5 CVE-2022-41623 CONFIRM CONFIRM

wago — 750-8100_firmware WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow a remote attacker to circumvent the filter and reach the network that should be protected by the MAC address filter. 2022-10-17 7.5 CVE-2022-3281 CONFIRM

webidsupport — webid A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. 2022-10-14 9.1 CVE-2022-41477 MISC

webpack.js — loader-utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. 2022-10-14 7.5 CVE-2022-37603 MISC MISC MISC

wedding_planner_project — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 8.8 CVE-2022-41538 MISC

wedding_planner_project — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 8.8 CVE-2022-41539 MISC

wire — wire_server Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team and create arbitrary accounts in the context of the team if it is not managed by SCIM. This issue is fixed in wire-server 2022-07-12 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-07-12/Chart 4.19.0, so that their backends are no longer affected. As a workaround, the risk of an attack can be reduced by disabling SAML configuration for teams (galley.config.settings.featureFlags.sso). Helm overrides are located in `values/wire-server/values.yaml`. Note that the ability to configure SAML SSO as a team is disabled by default for on-premise installations. 2022-10-18 8.1 CVE-2022-31122 CONFIRM

wisa — smart_wing_cms This vulnerability could allow a remote attacker to execute remote commands due to improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. 2022-10-17 9.8 CVE-2022-23770 MISC

wordpress — wordpress A flaw was found in WordPress 5.1. “X-Forwarded-For” is an HTTP header used to carry the client’s original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses taken from the X-Forwarded-For header instead of the original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks or originating-IP-address logging could be manipulated. 2022-10-17 9.8 CVE-2020-35539 MISC

wp_custom_cursors_project — wp_custom_cursors The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin 2022-10-17 7.2 CVE-2022-3150 MISC

x.org — libx11 A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability. 2022-10-17 7.5 CVE-2022-3554 N/A N/A

x.org — libx11 A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055. 2022-10-17 7.5 CVE-2022-3555 N/A N/A

x.org — x_server A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. 2022-10-17 9.8 CVE-2022-3550 N/A N/A

x.org — x_server A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. 2022-10-17 7.5 CVE-2022-3551 N/A N/A

x.org — x_server A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. 2022-10-17 7.5 CVE-2022-3553 N/A N/A

xbifrost — bifrost Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds. 2022-10-19 8.8 CVE-2022-39267 CONFIRM MISC

zigor — zgr_tps200_ng_firmware In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable. 2022-10-17 9.1 CVE-2020-8974 CONFIRM

zigor — zgr_tps200_ng_firmware The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request. 2022-10-17 8.8 CVE-2020-8976 CONFIRM

zigor — zgr_tps200_ng_firmware ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device. 2022-10-17 8.1 CVE-2020-8973 CONFIRM

zigor — zgr_tps200_ng_firmware ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system. 2022-10-17 7.5 CVE-2020-8975 CONFIRM

zoom — meetings Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. 2022-10-14 7.8 CVE-2022-28762 MISC

zoom — zoom_on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. 2022-10-14 8.6 CVE-2022-28759 MISC
