Vulnerability Summary for the Week of October 24, 2022

10web — form_maker The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 2022-10-25 7.2 CVE-2022-3300

CONFIRM adenion — blog2social The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. 2022-10-25 8.8 CVE-2022-3246

CONFIRM adobe — illustrator

  Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-25 7.8 CVE-2022-38435

MISC adobe — illustrator

  Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-25 7.8 CVE-2022-38436

MISC advantech — r-seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. 2022-10-27 9.8 CVE-2022-3385

MISC advantech — r-seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. 2022-10-27 9.8 CVE-2022-3386

MISC apache — batik A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. 2022-10-25 7.5 CVE-2022-41704

MISC

MLIST

MLIST

DEBIAN apache — batik A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. 2022-10-25 7.5 CVE-2022-42890

MISC

MLIST

MLIST

DEBIAN apache — flume Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. 2022-10-26 9.8 CVE-2022-42468

CONFIRM

CONFIRM

CONFIRM apache — heron Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue. 2022-10-24 9.8 CVE-2021-42010

MISC

MLIST apache — iotdb Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. 2022-10-26 7.5 CVE-2022-43766

CONFIRM apache — linkis In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.2.0 are affected. We recommend users update to 1.3.0. 2022-10-26 8.8 CVE-2022-39944

CONFIRM arm — midguard_gpu_kernel_driver An Arm product family through 2022-08-12 Mali GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory. 2022-10-25 8.8 CVE-2022-38181

MISC

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-41309

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-41310

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42933

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42934

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42935

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42936

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42937

MISC autodesk — autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42938

MISC autodesk — autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42939

MISC autodesk — autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42940

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42941

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42942

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42943

MISC autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42944

MISC automox — automox The Automox Agent before 40 on Windows incorrectly sets permissions on key files. 2022-10-21 7.8 CVE-2022-36122

MISC

MISC axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3662

MISC

MISC

MISC axiosys — bento4 A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004. 2022-10-26 7.8 CVE-2022-3664

MISC

MISC

MISC axiosys — bento4 A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3665

MISC

MISC

MISC axiosys — bento4 A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3666

MISC

MISC

MISC axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3670

MISC

MISC

MISC axiosys — bento4 A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. 2022-10-26 7.5 CVE-2022-3667

MISC

MISC

MISC baramundi — management_suite baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2. 2022-10-26 9.8 CVE-2022-43747

MISC barangay_management_system_project — barangay_management_system Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. 2022-10-28 7.2 CVE-2022-43228

MISC bestwebsoft — post_to_csv The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection. 2022-10-25 9.8 CVE-2022-3393

CONFIRM broadcom — fabric_operating_system Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers, sent unencrypted, and editing a user addition request to use the operator’s authorization header. 2022-10-25 8.8 CVE-2022-28169

MISC broadcom — fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. 2022-10-25 8.8 CVE-2022-33179

MISC broadcom — fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. 2022-10-25 8.8 CVE-2022-33183

MISC broadcom — fabric_operating_system A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. 2022-10-25 7.8 CVE-2022-33182

MISC broadcom — fabric_operating_system A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. 2022-10-25 7.8 CVE-2022-33184

MISC broadcom — fabric_operating_system Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. 2022-10-25 7.8 CVE-2022-33185

MISC broadcom — fabric_operating_system A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. 2022-10-25 7.2 CVE-2022-33178

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-28 7.2 CVE-2022-43231

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. 2022-10-28 7.2 CVE-2022-43232

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. 2022-10-28 7.2 CVE-2022-43233

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-28 7.2 CVE-2022-43275

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. 2022-10-28 7.2 CVE-2022-43276

MISC cert — vince A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject an arbitrary pickle object as part of a user’s profile. This can lead to code execution on the server when the user’s profile is accessed. 2022-10-26 8.8 CVE-2022-40238

MISC cleantalk — spam_protection,_antispam,_firewall The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin. 2022-10-25 7.2 CVE-2022-3302

CONFIRM dataease — dataease Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server, the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39312

MISC

MISC

MISC

CONFIRM dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node. 2022-10-21 7.5 CVE-2022-34439

CONFIRM dell — powerstoreos Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. 2022-10-21 9.8 CVE-2022-26870

CONFIRM deltaww — diaenergie The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 2022-10-26 9.8 CVE-2022-43774

MISC deltaww — diaenergie The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 2022-10-26 9.8 CVE-2022-43775

MISC deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-40967

MISC deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-41133

MISC deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-41773

MISC discourse — patreon Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim’s forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts. 2022-10-26 9.8 CVE-2022-39355

MISC

CONFIRM dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. 2022-10-26 9.8 CVE-2022-42998

MISC

MISC dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. 2022-10-26 9.8 CVE-2022-43000

MISC

MISC dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. 2022-10-26 9.8 CVE-2022-43001

MISC

MISC dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. 2022-10-26 9.8 CVE-2022-43002

MISC

MISC dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. 2022-10-26 9.8 CVE-2022-43003

MISC

MISC dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. 2022-10-26 7.5 CVE-2022-42999

MISC

MISC elearning_system_project — elearning_system A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. 2022-10-26 9.8 CVE-2022-3671

N/A

N/A employee_record_management_system_project — employee_record_management_system Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. 2022-10-28 9.8 CVE-2021-37782

MISC

MISC evm_project — evm SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect — it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually use `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds. 2022-10-25 7.5 CVE-2022-39354

MISC

CONFIRM exiv2 — exiv2 A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. 2022-10-27 9.8 CVE-2022-3717

MISC

MISC exiv2 — exiv2 A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability. 2022-10-27 9.8 CVE-2022-3719

MISC

MISC

MISC extended_keccak_code_package_project — extended_keccak_code_package The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. 2022-10-21 9.8 CVE-2022-37454

MISC

MISC

MISC

MISC f5 — nginx A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability. 2022-10-21 7.5 CVE-2022-3638

N/A

N/A

N/A featherjs — feathers-sequelize Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. 2022-10-26 9.8 CVE-2022-2422

CONFIRM

CONFIRM featherjs — feathers-sequelize Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection. 2022-10-26 9.8 CVE-2022-29822

CONFIRM

CONFIRM featherjs — feathers-sequelize The Feathers-Sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with the privileges of the application. 2022-10-26 9.8 CVE-2022-29823

CONFIRM

CONFIRM free5gc — free5gc Free5gc v3.2.1 is vulnerable to Information disclosure. 2022-10-25 7.5 CVE-2022-38870

MISC gin-vue-admin_project — gin-vue-admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. 2022-10-24 9.8 CVE-2022-39305

MISC

CONFIRM gin-vue-admin_project — gin-vue-admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. 2022-10-25 7.5 CVE-2022-39345

CONFIRM

MISC

MISC

MISC github — runner GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered in versions prior to 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4 that allows an input to escape the environment variable and modify that docker command invocation directly. Jobs that use container actions, job containers, or service containers alongside untrusted user inputs in environment variables may be vulnerable. The Actions Runner has been patched, both on `github.com` and hotfixes for GHES and GHAE customers in versions 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. GHES and GHAE customers may want to patch their instance in order to have their runners automatically upgrade to these new runner versions. As a workaround, users may consider removing any container actions, job containers, or service containers from their jobs until they are able to upgrade their runner versions. 2022-10-25 9.9 CVE-2022-39321

MISC

MISC

CONFIRM gnu — libtasn1 GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. 2022-10-24 9.1 CVE-2021-46848

MISC

MISC

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. 2022-10-25 10 CVE-2022-33192

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. 2022-10-25 10 CVE-2022-33193

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7f6c`. 2022-10-25 10 CVE-2022-33194

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7fac`. 2022-10-25 10 CVE-2022-33195

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33204

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33205

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33206

MISC goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33207

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-27804

MISC goabode — iota_all-in-one_security_kit_firmware An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-27805

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29472

MISC goabode — iota_all-in-one_security_kit_firmware An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29477

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29520

MISC goabode — iota_all-in-one_security_kit_firmware A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29889

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-30541

MISC goabode — iota_all-in-one_security_kit_firmware A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32454

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32773

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33189

MISC goabode — iota_all-in-one_security_kit_firmware A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33938

MISC goabode — iota_all-in-one_security_kit_firmware A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-35244

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35874

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35875

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35876

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35877

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-30603

MISC goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-32586

MISC goabode — iota_all-in-one_security_kit_firmware An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-32775

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. 2022-10-25 8.8 CVE-2022-35878

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35879

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35880

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35881

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35884

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35885

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35886

MISC goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35887

MISC goabode — iota_all-in-one_security_kit_firmware An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-10-25 8.1 CVE-2022-29475

MISC goabode — iota_all-in-one_security_kit_firmware A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 7.5 CVE-2022-32760

MISC gradle — enterprise A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. 2022-10-21 7.5 CVE-2022-41575

MISC hospital_management_system_project — hospital_management_system Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. 2022-10-28 8.8 CVE-2021-35387

MISC iij — iij_smartkey Information disclosure vulnerability in Android App ‘IIJ SmartKey’ versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. 2022-10-24 7.5 CVE-2022-41986

MISC jflyfox — jfinal_cms JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list 2022-10-26 8.8 CVE-2022-37202

MISC jupyter — jupyter_core Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. 2022-10-26 8.8 CVE-2022-39286

CONFIRM kadencewp — kadence_woocommerce_email_designer The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-10-25 7.2 CVE-2022-3335

CONFIRM kartverket — github-workflows kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the context of the workflow. Users should upgrade to at least version 2.7.5 to resolve the issue. As a workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build. 2022-10-25 8.8 CVE-2022-39326

MISC keystonejs — keystone @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control – if configured – are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` is not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. 2022-10-25 9.8 CVE-2022-39322

MISC lannerinc — iac-ast2500_firmware Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. 2022-10-24 8.1 CVE-2021-4228

MISC lannerinc — iac-ast2500a_firmware Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26727

MISC lannerinc — iac-ast2500a_firmware Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26728

MISC lannerinc — iac-ast2500a_firmware Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26729

MISC lannerinc — iac-ast2500a_firmware A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26730

MISC lannerinc — iac-ast2500a_firmware Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26731

MISC lannerinc — iac-ast2500a_firmware Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-46279

MISC lannerinc — iac-ast2500a_firmware A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-26733

MISC lannerinc — iac-ast2500a_firmware A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-44467

MISC lannerinc — iac-ast2500a_firmware An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-44769

MISC libexpat_project — libexpat In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. 2022-10-24 7.5 CVE-2022-43680

DEBIAN linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. 2022-10-21 9.8 CVE-2022-3649

N/A linux — linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. 2022-10-21 8.8 CVE-2022-3640

MISC linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. 2022-10-21 7.8 CVE-2022-3625

N/A linux — linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. 2022-10-21 7.8 CVE-2022-3636

N/A linux — linux_kernel drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor’s internal memory. 2022-10-26 7.8 CVE-2022-43750

MISC linux — linux_kernel A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. 2022-10-21 7 CVE-2022-3635

N/A litespeedtech — openlitespeed Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. 2022-10-27 8.8 CVE-2022-0073

MISC litespeedtech — openlitespeed Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. 2022-10-27 8.8 CVE-2022-0074

MISC metabase — metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries. 2022-10-26 8.8 CVE-2022-39361

CONFIRM metabase — metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want. 2022-10-26 8.8 CVE-2022-39362

CONFIRM microsoft — azure_command-line_interface Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a mitigation for the vulnerability. 2022-10-25 9.8 CVE-2022-39327

MISC mitel — micollab A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. 2022-10-25 8.8 CVE-2022-36451

MISC mitel — micollab A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. 2022-10-25 8.8 CVE-2022-36453

MISC octopus — octopus_server In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. 2022-10-27 9.1 CVE-2022-2782

MISC online_medicine_ordering_system_project — online_medicine_ordering_system A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. 2022-10-27 9.8 CVE-2022-3714

MISC online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 2022-10-27 7.2 CVE-2022-39977

MISC online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 2022-10-27 7.2 CVE-2022-39978

MISC open-xchange — ox_app_suite documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. 2022-10-25 9.8 CVE-2022-29851

MISC openfga — openfga OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39341

MISC openfga — openfga OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship (e.g. ‘as self’) are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39342

MISC opensuse — factory An Improper Link Resolution Before File Access (‘Link Following’) vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. 2022-10-26 7.8 CVE-2022-31256

CONFIRM oxilab — accordions Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari’s Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3) on WordPress. 2022-10-21 7.2 CVE-2022-38104

CONFIRM parseplatform — parse-server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds. 2022-10-24 7.5 CVE-2022-39313

CONFIRM pikepdf_project — pikepdf pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing. 2022-10-24 9.8 CVE-2021-46849

MISC redis — redis A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. 2022-10-21 7.5 CVE-2022-3647

N/A robustel — r1510_firmware An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32765

MISC robustel — r1510_firmware An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33150

MISC robustel — r1510_firmware A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.1 CVE-2022-33897

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_authorized_keys/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35261

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_xml_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35262

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35263

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_aaa_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35264

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_nodejs_app/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35265

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_firmware/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35266

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35267

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35268

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_e2c_json_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35269

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_wireguard_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35270

MISC robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_cert_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35271

MISC robustel — r1510_firmware An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 7.2 CVE-2022-34850

MISC sanitization_management_system_project — sanitization_management_system A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. 2022-10-26 9.8 CVE-2022-3674

N/A school_activity_updates_with_sms_notification_project — school_activity_updates_with_sms_notification School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. 2022-10-27 9.8 CVE-2022-39976

MISC sem-cms — semcms SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. 2022-10-28 9.8 CVE-2021-38217

MISC sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. 2022-10-28 9.8 CVE-2021-38729

MISC

MISC sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. 2022-10-28 9.8 CVE-2021-38730

MISC

MISC sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. 2022-10-28 9.8 CVE-2021-38731

MISC

MISC sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. 2022-10-28 9.8 CVE-2021-38732

MISC

MISC sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. 2022-10-28 9.8 CVE-2021-38733

MISC

MISC sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. 2022-10-28 9.8 CVE-2021-38734

MISC

MISC sem-cms — semcms SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. 2022-10-28 9.8 CVE-2021-38736

MISC

MISC sem-cms — semcms SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. 2022-10-28 9.8 CVE-2021-38737

MISC

MISC shescape_project — shescape The package shescape from 1.5.10 and before 1.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. 2022-10-27 7.5 CVE-2022-25918

MISC

MISC

MISC

MISC siemens — siveillance_video_mobile_server A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. 2022-10-21 9.8 CVE-2022-43400

MISC simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. 2022-10-28 7.2 CVE-2022-43229

MISC simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. 2022-10-28 7.2 CVE-2022-43230

MISC socket — socket.io-parser Due to improper type validation in the attachment parsing of the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object. 2022-10-26 9.8 CVE-2022-2421

CONFIRM

CONFIRM soflyy — wp_all_export The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well. 2022-10-25 8.8 CVE-2022-3395

CONFIRM soflyy — wp_all_export The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. 2022-10-25 7.2 CVE-2022-3394

CONFIRM softmotions — iowow IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch. 2022-10-21 7.5 CVE-2022-23462

CONFIRM

MISC sony — content_transfer Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2022-10-24 7.8 CVE-2022-41796

MISC

MISC st — stm32_mw_usb_host A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. 2022-10-21 9.8 CVE-2021-42553

CONFIRM synology — diskstation_manager Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. 2022-10-25 9.1 CVE-2022-27623

CONFIRM synology — presto_file_server Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. 2022-10-26 8.8 CVE-2022-43749

CONFIRM synology — presto_file_server Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. 2022-10-26 7.5 CVE-2022-43748

CONFIRM tenda — ax1803_firmware Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed HTTP request. 2022-10-27 7.5 CVE-2022-40874

MISC tenda — ax1803_firmware Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. 2022-10-27 7.5 CVE-2022-40875

MISC uatech — badaso Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 2022-10-25 9.8 CVE-2022-41711

MISC

MISC vestacp — control_panel myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint. 2022-10-24 7.2 CVE-2021-46850

MISC

MISC

MISC

MISC

MISC vim — vim A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. 2022-10-26 7.5 CVE-2022-3705

MISC

MISC webmin — usermin Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. 2022-10-25 8.8 CVE-2022-35132

MISC

MISC wintercms — winter Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts. 2022-10-26 9.8 CVE-2022-39357

MISC

MISC

MISC

CONFIRM

MISC yokogawa — wtviewerefree Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. 2022-10-24 9.8 CVE-2022-40984

MISC

MISC yordam — library_automation_system Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. 2022-10-27 7.5 CVE-2021-45475

CONFIRM zalando — skipper Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). 2022-10-25 9.8 CVE-2022-38580

MISC

MISC

MISC

MISC
