Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Vulnerability Summary for the Week of October 31, 2022

honeywell — c200_firmware Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 10 CVE-2021-38397

CONFIRM

CONFIRM dlink — dir-846_firmware D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. 2022-10-31 9.8 CVE-2020-21016

MISC

MISC mkcms_project — mkcms MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. 2022-11-03 9.8 CVE-2020-22818

MISC mkcms_project — mkcms MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. 2022-11-03 9.8 CVE-2020-22819

MISC mkcms_project — mkcms MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. 2022-11-03 9.8 CVE-2020-22820

MISC honeywell — c200_firmware Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 9.8 CVE-2021-38395

CONFIRM

CONFIRM xfig_project — xfig xfig 3.2.7 is vulnerable to Buffer Overflow. 2022-10-31 9.8 CVE-2021-40241

MISC stimulsoft — reports Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start. 2022-10-29 9.8 CVE-2021-42777

MISC ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598.” 2022-11-03 9.8 CVE-2022-22425

MISC octopus — octopus_server In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. 2022-11-01 9.8 CVE-2022-2572

MISC sick — sim2000_firmware Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM4000. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. 2022-11-01 9.8 CVE-2022-27582

MISC sick — sim2000st_firmware Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM2000ST. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. 2022-11-01 9.8 CVE-2022-27584

MISC sick — sim1000_fx_firmware Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version < 1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible. (available in SICK Support Portal) 2022-11-01 9.8 CVE-2022-27585

MISC sick — sim1004-0p0g311_firmware Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version < 2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible. 2022-11-01 9.8 CVE-2022-27586

MISC gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO 2022-10-28 9.8 CVE-2022-2826

CONFIRM

MISC

MISC pingcap — tidb Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. 2022-11-04 9.8 CVE-2022-3023

CONFIRM

MISC vmware — spring_security Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true) 2022-10-31 9.8 CVE-2022-31692

MISC awpcp — another_wordpress_classifieds_plugin The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection 2022-10-31 9.8 CVE-2022-3254

CONFIRM apple — iphone_os The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution. 2022-11-01 9.8 CVE-2022-32941

MISC

MISC

MISC

MISC

MISC cloudflare — warp It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli ‘set-custom-endpoint’ subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. 2022-10-28 9.8 CVE-2022-3320

MISC eaton — foreseer_electrical_power_monitoring_system A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . 2022-10-28 9.8 CVE-2022-33859

MISC frauscher — frauscher_diagnostic_system_102 Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. 2022-11-02 9.8 CVE-2022-3575

CONFIRM ehoney_project — ehoney A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. 2022-10-28 9.8 CVE-2022-3729

N/A ehoney_project — ehoney A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. 2022-10-28 9.8 CVE-2022-3730

N/A ehoney_project — ehoney A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. 2022-10-28 9.8 CVE-2022-3731

N/A ehoney_project — ehoney A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. 2022-10-28 9.8 CVE-2022-3732

N/A redis — redis A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. 2022-10-28 9.8 CVE-2022-3734

N/A

N/A ehoney_project — ehoney A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. 2022-10-28 9.8 CVE-2022-3735

N/A chatwoot — chatwoot Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. nnFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. 2022-10-28 9.8 CVE-2022-3741

CONFIRM

MISC opennebula — opennebula Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. 2022-10-28 9.8 CVE-2022-37425

MISC phpmyfaq — phpmyfaq Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 2022-10-29 9.8 CVE-2022-3754

MISC

CONFIRM browserify-shim_project — browserify-shim Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. 2022-10-28 9.8 CVE-2022-37621

MISC

MISC

MISC browserify-shim_project — _browserify-shim Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. 2022-10-31 9.8 CVE-2022-37623

MISC

MISC

MISC easyiicms — easyiicms A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. 2022-10-31 9.8 CVE-2022-3771

N/A tim_campus_confession_wall_project — tim_campus_confession_wall A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611. 2022-11-01 9.8 CVE-2022-3789

N/A

N/A arubanetworks — aruba_edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 9.8 CVE-2022-37913

MISC arubanetworks — aruba_edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 9.8 CVE-2022-37914

MISC arubanetworks — aruba_edgeconnect_enterprise_orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. 2022-10-28 9.8 CVE-2022-37915

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. 2022-10-31 9.8 CVE-2022-38142

MISC centreon — centreon A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability. 2022-11-02 9.8 CVE-2022-3827

MISC

MISC

MISC fortinet — fortiadc An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. 2022-11-02 9.8 CVE-2022-38381

CONFIRM glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest. 2022-11-03 9.8 CVE-2022-39323

CONFIRM xmldom_project — xmldom xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`. 2022-11-02 9.8 CVE-2022-39353

MISC

CONFIRM datahub_project — datahub DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. 2022-10-28 9.8 CVE-2022-39366

MISC

MISC

MISC

CONFIRM

MISC fluentd — fluentd Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use `FLUENT_OJ_OPTION_MODE=object`. 2022-11-02 9.8 CVE-2022-39379

MISC

CONFIRM keystonejs — keystone Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `”development”` for user code, irrespective of what your environment variables. If you do not use `NODE_ENV` in your user code to trigger security-sensitive functionality, you are not impacted by this vulnerability. Any dependencies that use `NODE_ENV` to trigger particular behaviors (optimizations, security or otherwise) should still respect your environment’s configured `NODE_ENV` variable. The application’s dependencies, as found in `node_modules` (including `@keystone-6/core`), are typically not compiled as part of this process, and thus should be unaffected. We have tested this assumption by verifying that `NODE_ENV=production yarn keystone start` still uses secure cookies when using `statelessSessions`. This vulnerability has been fixed in @keystone-6/core@3.0.2, regression tests have been added for this vulnerability in #8063. 2022-11-03 9.8 CVE-2022-39382

MISC

CONFIRM

MISC deltaww — infrasuite_device_master The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution. 2022-10-31 9.8 CVE-2022-40202

MISC phppointofsale — php_point_of_sale The application was vulnerable to a session fixation that could be used hijack accounts. 2022-10-31 9.8 CVE-2022-40293

MISC phppointofsale — php_point_of_sale The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. 2022-10-31 9.8 CVE-2022-40296

MISC clinic’s_patient_management_system_project — clinic’s_patient_management_system Remote Code Execution in Clinic’s Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php 2022-10-31 9.8 CVE-2022-40471

MISC

MISC

MISC softnext — mail_sqr_expert Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. 2022-10-31 9.8 CVE-2022-40741

MISC hitachi — infrastructure_analytics_advisor Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. 2022-11-01 9.8 CVE-2022-41552

MISC heidenhain — heros The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. 2022-10-28 9.8 CVE-2022-41648

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution. 2022-10-31 9.8 CVE-2022-41657

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. 2022-10-31 9.8 CVE-2022-41772

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution. 2022-10-31 9.8 CVE-2022-41779

MISC auieo — candidats CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. 2022-11-03 9.8 CVE-2022-42744

MISC

MISC apple — macos An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. 2022-11-01 9.8 CVE-2022-42808

MISC

MISC

MISC

MISC apple — macos A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution. 2022-11-01 9.8 CVE-2022-42813

MISC

MISC

MISC

MISC haxx — curl curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. 2022-10-29 9.8 CVE-2022-42915

MISC

FEDORA tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. 2022-11-03 9.8 CVE-2022-43101

MISC tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. 2022-11-03 9.8 CVE-2022-43102

MISC tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. 2022-11-03 9.8 CVE-2022-43103

MISC tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. 2022-11-03 9.8 CVE-2022-43104

MISC tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. 2022-11-03 9.8 CVE-2022-43105

MISC tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. 2022-11-03 9.8 CVE-2022-43106

MISC tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. 2022-11-03 9.8 CVE-2022-43107

MISC tenda — ac23_firmware Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. 2022-11-03 9.8 CVE-2022-43108

MISC dlink — dir-823g_firmware D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. 2022-11-03 9.8 CVE-2022-43109

MISC

MISC rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. 2022-10-28 9.8 CVE-2022-43168

MISC f5 — njs Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. 2022-10-28 9.8 CVE-2022-43286

MISC

MISC lesspipe_project — lesspipe lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. 2022-11-01 9.8 CVE-2022-44542

MISC

MISC zoom — virtual_desktop_infrastructure The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. 2022-10-31 9.6 CVE-2022-28763

MISC sauter-controls — moduweb_firmware SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials. 2022-10-31 9.6 CVE-2022-40190

MISC silabs — gecko_bootloader Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. 2022-11-02 9.1 CVE-2022-24936

MISC

MISC sick — flx3-cpuc1_firmware A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. 2022-10-31 9.1 CVE-2022-27583

MISC vmware — cloud_foundation VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. 2022-10-28 9.1 CVE-2022-31678

MISC train_scheduler_app_project — train_scheduler_app A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504. 2022-10-31 9.1 CVE-2022-3774

MISC

MISC

MISC ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584.” 2022-11-03 9.1 CVE-2022-40747

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords. 2022-10-31 9.1 CVE-2022-41629

MISC phppointofsale — php_point_of_sale The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. 2022-10-31 9 CVE-2022-40287

MISC phppointofsale — php_point_of_sale The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. 2022-10-31 9 CVE-2022-40288

MISC phppointofsale — php_point_of_sale The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. 2022-10-31 9 CVE-2022-40289

MISC expresstech — quiz_and_survey_master Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. 2022-11-03 8.8 CVE-2021-36906

CONFIRM

CONFIRM haascnc — haas_controller_firmware Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. 2022-10-28 8.8 CVE-2022-2475

MISC keywordrush — content_egg Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. 2022-11-03 8.8 CVE-2022-25952

CONFIRM

CONFIRM apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26709

MISC

MISC

MISC

MISC

MISC apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26710

MISC

MISC

MISC

MISC apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26716

MISC

MISC

MISC

MISC

MISC apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26717

MISC

MISC

MISC

MISC

MISC

MISC apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-26719

MISC

MISC

MISC

MISC

MISC superwhite — demon_image_annotation The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-10-28 8.8 CVE-2022-2864

MISC

MISC

MISC ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a “user that the website trusts. IBM X-Force ID: 227295. 2022-11-03 8.8 CVE-2022-30608

MISC hypr — workforce_access Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. 2022-11-03 8.8 CVE-2022-3258

MISC apple — iphone_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-32888

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MLIST apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-32922

MISC

MISC

MISC apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution. 2022-11-01 8.8 CVE-2022-32934

MISC

MISC

MISC google — chrome Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3304

MISC

MISC google — chrome Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3305

MISC

MISC google — chrome Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3306

MISC

MISC google — chrome Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3307

MISC

MISC google — chrome Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Low) 2022-11-01 8.8 CVE-2022-3315

MISC

MISC nextend — smart_slider_3 The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site. 2022-10-31 8.8 CVE-2022-3357

CONFIRM google — chrome Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3370

MISC

MISC google — chrome Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3373

MISC

MISC bricksbuilder — bricks The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution. 2022-10-28 8.8 CVE-2022-3401

MISC

MISC cloudflare — warp Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint. 2022-10-28 8.8 CVE-2022-3512

MISC google — chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3652

MISC

MISC google — chrome Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3653

MISC

MISC google — chrome Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3654

MISC

MISC google — chrome Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3655

MISC

MISC google — chrome Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3656

MISC

MISC google — chrome Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3657

MISC

MISC google — chrome Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3658

MISC

MISC google — chrome Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chrome security severity: Medium) 2022-11-01 8.8 CVE-2022-3659

MISC

MISC google — chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 2022-11-01 8.8 CVE-2022-3723

MISC

MISC web-based_student_clearance_system_project — web-based_student_clearance_system A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. 2022-10-28 8.8 CVE-2022-3733

N/A

N/A exiv2 — exiv2 A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. 2022-10-29 8.8 CVE-2022-3756

MISC

MISC exiv2 — exiv2 A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. 2022-10-29 8.8 CVE-2022-3757

MISC

MISC

MISC xjyunjing — yunjing_content_management_system A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. 2022-10-31 8.8 CVE-2022-3770

N/A

N/A easyiicms — easyiicms A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability. 2022-10-31 8.8 CVE-2022-3772

N/A

N/A oracle — restaurant_menu_-_food_ordering_system_-_table_reservation The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-11-03 8.8 CVE-2022-3776

MISC

MISC ibax — go-ibax A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability. 2022-11-01 8.8 CVE-2022-3798

N/A

N/A ibax — go-ibax A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635. 2022-11-01 8.8 CVE-2022-3799

N/A

N/A ibax — go-ibax A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636. 2022-11-01 8.8 CVE-2022-3800

N/A

N/A ibax — go-ibax A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability. 2022-11-01 8.8 CVE-2022-3801

N/A

N/A ibax — go-ibax A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability. 2022-11-01 8.8 CVE-2022-3802

N/A

N/A m-files — hubshare Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. 2022-10-31 8.8 CVE-2022-39016

MISC glpi-project — glpi GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. 2022-11-03 8.8 CVE-2022-39234

CONFIRM discourse — discourse Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user’s email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses. 2022-11-02 8.8 CVE-2022-39356

CONFIRM

MISC phppointofsale — php_point_of_sale The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. 2022-10-31 8.8 CVE-2022-40291

MISC phppointofsale — php_point_of_sale The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. 2022-10-31 8.8 CVE-2022-40294

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. 2022-10-31 8.8 CVE-2022-41644

MISC formalms — formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. 2022-10-31 8.8 CVE-2022-41681

CONFIRM xen — xen Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. 2022-11-01 8.8 CVE-2022-42309

MISC

CONFIRM

MLIST

DEBIAN auieo — candidats CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. 2022-11-03 8.8 CVE-2022-42750

MISC

MISC auieo — candidats CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. 2022-11-03 8.8 CVE-2022-42751

MISC

MISC apple — iphone_os A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-42795

MISC

MISC

MISC

MISC apple — macos A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-11-01 8.8 CVE-2022-42823

MISC

MISC

MISC

MISC

MISC

MLIST formalms — formalms Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘id’ parameter in the ‘appCore/index.php?r=adm/mediagallery/delete’ function in order to dump the entire database or delete all contents from the ‘core_user_file’ table. 2022-10-31 8.8 CVE-2022-42923

CONFIRM formalms — formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. 2022-10-31 8.8 CVE-2022-42925

CONFIRM online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. 2022-11-02 8.8 CVE-2022-43226

MISC totaljs — total.js In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. 2022-10-30 8.8 CVE-2022-44019

MISC

MISC

MISC pixman — pixman In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. 2022-11-03 8.8 CVE-2022-44638

MISC

MLIST fortinet — fortimail An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64. 2022-11-02 8.6 CVE-2022-26122

CONFIRM apple — macos A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. 2022-11-01 8.6 CVE-2022-32890

MISC apple — safari An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. 2022-11-01 8.6 CVE-2022-32892

MISC

MISC

MISC

MISC cloudflare — warp_mobile_client It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. 2022-10-28 8.5 CVE-2022-3337

MISC cloudflare — warp_mobile_client It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both “Disable for cellular networks” and “Disable for Wi-Fi networks” switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. 2022-10-28 8.2 CVE-2022-3321

MISC stb_project — stb stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. 2022-11-02 8.1 CVE-2021-37789

MISC fortinet — fortios A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. 2022-11-02 8.1 CVE-2022-30307

CONFIRM vmware — spring_security Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. 2022-10-31 8.1 CVE-2022-31690

MISC thimpress — learnpress The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function. 2022-10-31 8.1 CVE-2022-3360

CONFIRM google — web_stories The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2022-10-28 8.1 CVE-2022-3708

MISC

MISC

MISC

MISC haascnc — haas_controller_firmware Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. 2022-10-28 8 CVE-2022-2474

MISC apereo — phpcas phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to “^(https)://.*”) or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim’s account on a vulnerable CASified service without victim’s knowledge, when the victim visits attacker’s website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP's HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior. 2022-11-01 8 CVE-2022-39369

CONFIRM jhead_project — jhead jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. 2022-11-04 7.8 CVE-2021-34055

MISC netskope — netskope Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. 2022-11-03 7.8 CVE-2021-44862

MISC fortinet — fortisiem A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. 2022-11-02 7.8 CVE-2022-26119

CONFIRM apple — macos A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-11-01 7.8 CVE-2022-26730

MISC apple — macos A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with system privileges. 2022-11-01 7.8 CVE-2022-26762

MISC

MISC apple — mac_os_x A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. 2022-11-01 7.8 CVE-2022-32794

MISC

MISC

MISC apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32865

MISC

MISC apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32866

MISC

MISC

MISC

MISC

MISC apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32887

MISC apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32889

MISC

MISC apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32898

MISC

MISC

MISC

MISC apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32899

MISC

MISC

MISC

MISC apple — iphone_os A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32903

MISC

MISC

MISC apple — macos This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. 2022-11-01 7.8 CVE-2022-32905

MISC apple — iphone_os This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32907

MISC

MISC

MISC apple — iphone_os A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32914

MISC

MISC

MISC

MISC

MISC

MISC apple — macos A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32915

MISC apple — macos The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32924

MISC

MISC

MISC

MISC

MISC

MISC apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32932

MISC

MISC

MISC apple — iphone_os The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32939

MISC

MISC apple — macos The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32940

MISC

MISC

MISC

MISC apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32944

MISC

MISC

MISC

MISC

MISC

MISC

MISC apple — macos The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-32947

MISC

MISC

MISC fortinet — fortitester An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. 2022-11-02 7.8 CVE-2022-33870

CONFIRM ibm — infosphere_information_server “IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-“Force ID: 231361. 2022-11-03 7.8 CVE-2022-35717

MISC axiosys — bento4 A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563. 2022-10-31 7.8 CVE-2022-3784

N/A

N/A

N/A axiosys — bento4 A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564. 2022-10-31 7.8 CVE-2022-3785

N/A

N/A

N/A schneider-electric — ecostruxure_operator_terminal_expert A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41666

MISC schneider-electric — ecostruxure_operator_terminal_expert A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41667

MISC schneider-electric — ecostruxure_operator_terminal_expert A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41668

MISC opensvc — multipath-tools multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. 2022-10-29 7.8 CVE-2022-41973

MISC

MISC

MISC

FULLDISC

MISC opensvc — multipath-tools multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. 2022-10-29 7.8 CVE-2022-41974

MISC

MISC

MISC

FULLDISC

MISC apple — ipados This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges. 2022-11-01 7.8 CVE-2022-42796

MISC

MISC apple — macos This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution. 2022-11-01 7.8 CVE-2022-42800

MISC

MISC

MISC

MISC

MISC

MISC apple — macos A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7.8 CVE-2022-42801

MISC

MISC

MISC

MISC

MISC

MISC apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. 2022-11-01 7.8 CVE-2022-42809

MISC apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. 2022-11-01 7.8 CVE-2022-42820

MISC

MISC apple — iphone_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. 2022-11-01 7.8 CVE-2022-42827

MISC

MISC webassembly — wasm wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector>::size() at /bits/stl_vector.h. 2022-10-28 7.8 CVE-2022-43281

MISC hcltech — verse The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. 2022-11-01 7.5 CVE-2020-4099

CONFIRM hcltech — hcl_launch_container_image The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. 2022-10-31 7.5 CVE-2021-27784

CONFIRM honeywell — c200_firmware Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. 2022-10-28 7.5 CVE-2021-38399

CONFIRM

CONFIRM mt — ind780_firmware A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label ‘IND780_8.0.07’), Version 7.2.10 June 18, 2012 (SS Label ‘IND780_7.2.10’). It was possible to traverse the folders of the affected host by providing a traversal path to the ‘webpage’ parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. 2022-10-31 7.5 CVE-2021-40661

MISC

MISC hitachi — vantara_pentaho A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. 2022-11-02 7.5 CVE-2021-45446

MISC hitachi — vantara_pentaho Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. 2022-11-02 7.5 CVE-2021-45447

MISC muhammara_project — muhammara The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. 2022-11-01 7.5 CVE-2022-25885

CONFIRM

CONFIRM

CONFIRM

CONFIRM

CONFIRM muhammara_project — muhammara The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. 2022-11-01 7.5 CVE-2022-25892

CONFIRM

CONFIRM

CONFIRM

CONFIRM

CONFIRM

CONFIRM zephyrproject — zephyr The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). 2022-10-31 7.5 CVE-2022-2741

MISC schoolbox — schoolbox The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. 2022-10-31 7.5 CVE-2022-3059

MISC trihedral — vtscada An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. 2022-11-02 7.5 CVE-2022-3181

MISC apache — unstructured_information_management_architecture A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. 2022-11-03 7.5 CVE-2022-32287

MISC

MLIST apple — mac_os_x A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. 2022-11-01 7.5 CVE-2022-32910

MISC

MISC

MISC apple — iphone_os The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app. 2022-11-01 7.5 CVE-2022-32927

MISC

MISC cloudflare — warp_mobile_client Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the “Disable WARP” quick action. 2022-10-28 7.5 CVE-2022-3322

MISC fortinet — fortios An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS. 2022-11-02 7.5 CVE-2022-35842

CONFIRM openssl — openssl A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6). 2022-11-01 7.5 CVE-2022-3602

CONFIRM

MLIST

MLIST

MLIST

MLIST

MLIST

MLIST

MLIST

MLIST

CISCO

GENTOO

CONFIRM

MLIST

MLIST

MLIST

MLIST

MLIST

MLIST

MLIST

MLIST

MISC

MLIST

MLIST

MLIST

MLIST

MLIST

CONFIRM

CERT-VN

MLIST

MLIST

MLIST

MLIST

MLIST

MLIST

MISC

MISC

MISC

MISC

MISC

MISC cloudflare — octorpki Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. 2022-10-28 7.5 CVE-2022-3616

MISC redhat — ansible_collection A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. 2022-10-28 7.5 CVE-2022-3697

MISC opennebula — opennebula Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. 2022-10-28 7.5 CVE-2022-37426

MISC html-minifier_project — html-minifier A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. 2022-10-31 7.5 CVE-2022-37620

MISC

MISC

MISC devolutions — remote_desktop_manager Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. 2022-11-01 7.5 CVE-2022-3780

MISC openssl — openssl A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.’ character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. 2022-11-01 7.5 CVE-2022-3786

CONFIRM

MISC m-files — hubshare Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. 2022-10-31 7.5 CVE-2022-39018

MISC m-files — hubshare Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. 2022-10-31 7.5 CVE-2022-39019

MISC conduit-hyper_project — conduit-hyper conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request’s length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request. In version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 (“Bad Request”). This crate is part of the implementation of Rust’s [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet. 2022-10-31 7.5 CVE-2022-39294

CONFIRM strongswan — strongswan strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker’s control) that doesn’t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. 2022-10-31 7.5 CVE-2022-40617

CONFIRM ndk-design — ndkadvancedcustomizationfields A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. 2022-11-01 7.5 CVE-2022-40839

MISC

MISC

MISC haascnc — haas_controller Communication traffic involving “Ethernet Q Commands” service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. 2022-10-28 7.5 CVE-2022-41636

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group. 2022-10-31 7.5 CVE-2022-41688

MISC golang — go Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string “A=Bx00C=D” sets the variables “A=B” and “C=D”. 2022-11-02 7.5 CVE-2022-41716

MISC

MISC

MISC

MISC deltaww — infrasuite_device_master Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. 2022-10-31 7.5 CVE-2022-41776

MISC apache — tomcat If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. 2022-11-01 7.5 CVE-2022-42252

MISC xen — xen Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction 2022-11-01 7.5 CVE-2022-42311

MISC

CONFIRM

DEBIAN auieo — candidats CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. 2022-11-03 7.5 CVE-2022-42745

MISC

MISC haxx — curl In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. 2022-10-29 7.5 CVE-2022-42916

MISC

FEDORA fast_food_ordering_system_project — fast_food_ordering_system Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php. 2022-11-01 7.5 CVE-2022-43081

MISC open5gs — open5gs open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. 2022-11-01 7.5 CVE-2022-43221

MISC open5gs — open5gs open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. 2022-11-01 7.5 CVE-2022-43222

MISC open5gs — open5gs open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. 2022-11-01 7.5 CVE-2022-43223

MISC f5 — njs Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. 2022-10-28 7.5 CVE-2022-43284

MISC

MISC f5 — njs Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. 2022-10-28 7.5 CVE-2022-43285

MISC openharmony — openharmony OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. 2022-11-03 7.5 CVE-2022-43495

MISC ibm — robotic_process_automation “IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.” 2022-11-03 7.5 CVE-2022-43574

MISC jetbrains — teamcity In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings 2022-11-03 7.5 CVE-2022-44623

MISC jetbrains — teamcity In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters 2022-11-03 7.5 CVE-2022-44624

MISC google — chrome Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) 2022-11-01 7.4 CVE-2022-3308

MISC

MISC sick — sim2000-2p04g10_firmware Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version <= 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >1.2.0 as soon as possible. 2022-11-01 7.3 CVE-2022-43989

MISC sick — sim1012-0p0g200_firmware Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible. (available in SICK Support Portal) 2022-11-01 7.3 CVE-2022-43990

MISC expresstech — quiz_and_survey_master Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-10-28 7.2 CVE-2021-36898

CONFIRM

CONFIRM wp-ecommerce — easy_wp_smtp The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-10-31 7.2 CVE-2022-3334

CONFIRM publishpress — capabilities The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. 2022-10-31 7.2 CVE-2022-3366

CONFIRM oceanwp — ocean_extra The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. 2022-10-31 7.2 CVE-2022-3374

CONFIRM wpbeaverbuilder — customizer_export/import The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-10-31 7.2 CVE-2022-3380

CONFIRM garage_management_system_project — garage_management_system Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. 2022-11-02 7.2 CVE-2022-41551

MISC online_tours_&_travels_management_system_project — online_tours_&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-03 7.2 CVE-2022-43061

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. 2022-11-03 7.2 CVE-2022-43062

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. 2022-11-03 7.2 CVE-2022-43063

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. 2022-11-02 7.2 CVE-2022-43066

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. 2022-11-02 7.2 CVE-2022-43068

MISC vehicle_booking_system_project — vehicle_booking_system An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-01 7.2 CVE-2022-43083

MISC restaurant_pos_system_project — restaurant_pos_system An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-01 7.2 CVE-2022-43085

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. 2022-11-01 7.2 CVE-2022-43124

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. 2022-11-01 7.2 CVE-2022-43125

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. 2022-11-01 7.2 CVE-2022-43126

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php. 2022-11-01 7.2 CVE-2022-43127

MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. 2022-11-02 7.2 CVE-2022-43227

MISC simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. 2022-10-28 7.2 CVE-2022-43229

MISC

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. 2022-11-01 7.2 CVE-2022-43328

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. 2022-11-01 7.2 CVE-2022-43329

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. 2022-11-01 7.2 CVE-2022-43330

MISC canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. 2022-11-01 7.2 CVE-2022-43331

MISC sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. 2022-11-01 7.2 CVE-2022-43353

MISC sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. 2022-11-01 7.2 CVE-2022-43354

MISC sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. 2022-11-01 7.2 CVE-2022-43355

MISC slims — senayan_library_management_system Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. 2022-11-01 7.2 CVE-2022-43362

MISC apple — iphone_os An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. 2022-11-01 7.1 CVE-2022-32925

MISC

MISC

MISC xen — xen x86: unintended memory sharing between guests On Intel systems that support the “virtualize APIC accesses” feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. 2022-11-01 7.1 CVE-2022-42327

MISC

CONFIRM

MLIST webassembly — wabt wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. 2022-10-28 7.1 CVE-2022-43280

MISC webassembly — wabt wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. 2022-10-28 7.1 CVE-2022-43282

MISC sudo_project — sudo Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. 2022-11-02 7.1 CVE-2022-43995

MISC

MISC

MISC

MISC xen — xen Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. 2022-11-01 7 CVE-2022-42320

MISC

CONFIRM

MLIST

DEBIAN apple — macos A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7 CVE-2022-42791

MISC apple — iphone_os A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7 CVE-2022-42803

MISC

MISC

MISC

MISC

MISC

MISC apple — macos A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. 2022-11-01 7 CVE-2022-42806

MISC

MISC

Related News

Hackers using USB drives to spread malware in ongoing attack

Hackers using USB drives to spread malware in ongoing attack

According to a recent post by the cybersecurity firm Mandiant, USB drives are being used to hack targets in Southeast…
AI-Powered Smart Glasses Give Deaf People the Power of Speech

AI-Powered Smart Glasses Give Deaf People the Power of Speech

In a recent example of innovative technology making a positive difference, there is now new artificial intelligence (AI) powered smart…
16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

Seeing as scammers readily jump to capitalize on events with huge global interest, it comes as no surprise that Group-IB…