Vulnerability Summary for the Week of September 5, 2022

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apache — airflow | In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. | 2022-09-02 | not yet calculated | CVE-2022-38054 (CONFIRM, MLIST) |
| apache — airflow | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | 2022-09-02 | not yet calculated | CVE-2022-38170 (CONFIRM, MLIST, MLIST) |
| apache — iotdb | Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1, which addresses this issue. | 2022-09-05 | not yet calculated | CVE-2022-38369 (MISC, MLIST) |
| apache — iotdb | Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1, which addresses this issue. | 2022-09-05 | not yet calculated | CVE-2022-38370 (MISC, MLIST) |
| apache — ofbiz | Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. | 2022-09-02 | not yet calculated | CVE-2022-25370 (CONFIRM, MLIST, MLIST) |
| apache — ofbiz | Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. | 2022-09-02 | not yet calculated | CVE-2022-25371 (CONFIRM, MLIST, MLIST) |
| apache — ofbiz | In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. An RCE is then possible. | 2022-09-02 | not yet calculated | CVE-2022-25813 (CONFIRM, MLIST) |
| apache — ofbiz | The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646. | 2022-09-02 | not yet calculated | CVE-2022-29063 (CONFIRM, MLIST) |
| apache — ofbiz | Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599. | 2022-09-02 | not yet calculated | CVE-2022-29158 (CONFIRM, MLIST) |
| appsmith — appsmith | Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. | 2022-09-05 | not yet calculated | CVE-2022-39824 (MISC, MISC) |
| asp.net_core — miniblog.core | Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. | 2022-09-02 | not yet calculated | CVE-2022-37679 (MISC) |
| atlassian — jira | The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint. | 2022-09-05 | not yet calculated | CVE-2022-38367 (MISC, MISC) |
| avaya — ip_office_admin_lite_and_usb_creator | A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | 2022-09-02 | not yet calculated | CVE-2021-25657 (CONFIRM) |
| bitdefender — bitdefender_gravityzone_console | Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1; Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2. | 2022-09-05 | not yet calculated | CVE-2022-2830 (MISC) |
| blackboard — learn | Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. | 2022-09-05 | not yet calculated | CVE-2022-39196 (MISC) |
| blogengine — blogengine | BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | 2022-09-02 | not yet calculated | CVE-2022-36600 (MISC) |
| chatwoot — chatwoot | Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. | 2022-09-06 | not yet calculated | CVE-2022-2901 (MISC, CONFIRM) |
| cotonti — siena | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. | 2022-09-05 | not yet calculated | CVE-2022-39839 (MISC) |
| cotonti — siena | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). | 2022-09-05 | not yet calculated | CVE-2022-39840 (MISC) |
| databasir — databasir | Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non-`200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attacker to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. | 2022-09-02 | not yet calculated | CVE-2022-31196 (MISC, CONFIRM, MISC) |
| dell — multiple_products | Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | 2022-09-02 | not yet calculated | CVE-2022-34382 (MISC) |
| dell — powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | 2022-09-02 | not yet calculated | CVE-2022-34371 (MISC) |
| dell — powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. | 2022-09-02 | not yet calculated | CVE-2022-34369 (MISC) |
| dell — powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | 2022-09-02 | not yet calculated | CVE-2022-34378 (MISC) |
| discourse — discourse | Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. | 2022-09-02 | not yet calculated | CVE-2022-37458 (MISC, MISC, MISC) |
| dokuwiki — dokuwiki | Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | 2022-09-05 | not yet calculated | CVE-2022-3123 (MISC, CONFIRM) |
| drakkan — sftpgo | SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one-time-use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3, recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. | 2022-09-02 | not yet calculated | CVE-2022-36071 (MISC, CONFIRM) |
| drawio — drawio | Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. | 2022-09-05 | not yet calculated | CVE-2022-3127 (CONFIRM, MISC) |
| drawio — drawio | Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | 2022-09-02 | not yet calculated | CVE-2022-3065 (CONFIRM, MISC) |
| gagliardetto — binary | Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with an (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When the `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on its size, and then a slice was allocated. This could lead to an overflow and an allocation of memory with an excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice. | 2022-09-02 | not yet calculated | CVE-2022-36078 (CONFIRM, MISC, MISC) |
| garage_management_system — garage_management_system | An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | 2022-09-02 | not yet calculated | CVE-2022-36638 (MISC, MISC) |
| garage_management_system — garage_management_system | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | 2022-09-02 | not yet calculated | CVE-2022-36636 (MISC, MISC) |
| garage_management_system — garage_management_system | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | 2022-09-02 | not yet calculated | CVE-2022-36637 (MISC, MISC) |
| garage_management_system — garage_management_system | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | 2022-09-02 | not yet calculated | CVE-2022-36639 (MISC, MISC) |
| geonetwork — geonetwork | A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. | 2022-09-05 | not yet calculated | CVE-2021-28398 (MISC, CONFIRM, MISC, MISC) |
| grafana — grafana_image_renderer | Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if the user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). | 2022-09-02 | not yet calculated | CVE-2022-31176 (CONFIRM, MISC) |
| hitachi — raid_manager_storage_replicationadapter | OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | 2022-09-06 | not yet calculated | CVE-2022-34883 (MISC) |
| hitachi — raid_manager_storage_replicationadapter | Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | 2022-09-06 | not yet calculated | CVE-2022-34882 (MISC) |
| ibm — 123elf_lotus_1-2-3 | 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document. | 2022-09-05 | not yet calculated | CVE-2022-39843 (MISC, MISC) |
| kkfileview — kkfileview | kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | 2022-09-02 | not yet calculated | CVE-2022-36593 (MISC) |
| libdwarf — libdwarf | libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | 2022-09-02 | not yet calculated | CVE-2022-39170 (MISC, MISC) |
| libvnclient — libvnclient | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | 2022-09-02 | not yet calculated | CVE-2020-29260 (MISC) |
| linux — bluez | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | 2022-09-02 | not yet calculated | CVE-2022-39177 (MISC, MISC) |
| linux — bluez | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | 2022-09-02 | not yet calculated | CVE-2022-39176 (MISC, MISC) |
| linux — linux_kernel | An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | 2022-09-02 | not yet calculated | CVE-2022-39189 (MISC, MISC, MISC, MISC) |
| linux — linux_kernel | An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | 2022-09-02 | not yet calculated | CVE-2022-39190 (MISC, MISC, MISC, MISC) |
| linux — linux_kernel | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. | 2022-09-05 | not yet calculated | CVE-2022-39842 (MISC, MISC) |
| linux — linux_kernel | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | 2022-09-02 | not yet calculated | CVE-2022-39188 (MISC, MISC, MISC, MISC, MISC) |
| mediawiki — mediawiki | An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. | 2022-09-02 | not yet calculated | CVE-2022-39194 (MISC) |
| modsecurity — owasp-modsecurity-crs | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. | 2022-09-02 | not yet calculated | CVE-2020-22669 (CONFIRM, MISC) |
| mybatis — mapper | Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | 2022-09-02 | not yet calculated | CVE-2022-36594 (MISC) |
| nodebb — nodebb | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. | 2022-09-02 | not yet calculated | CVE-2022-36076 (MISC, CONFIRM, MISC) |
| online_food_ordering_system — online_food_ordering_system | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | 2022-09-02 | not yet calculated | CVE-2022-36759 (MISC) |
| otrs_ag — otrs | An attacker might be able to execute malicious Perl code in the Template Toolkit by having the admin install an unverified third-party package. | 2022-09-05 | not yet calculated | CVE-2022-39051 (CONFIRM) |
| otrs_ag — otrs | An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources, e.g. database or LDAP. | 2022-09-05 | not yet calculated | CVE-2022-39050 (CONFIRM) |
| otrs_ag — otrs | An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. | 2022-09-05 | not yet calculated | CVE-2022-39049 (CONFIRM) |
| pfsense — pfblockerng | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. | 2022-09-05 | not yet calculated | CVE-2022-31814 (MISC, MISC) |
| pkuvcl — pkuvcl_davs2 | PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. | 2022-09-02 | not yet calculated | CVE-2022-36647 (MISC) |
| prestashop — prestashop | This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. | 2022-09-02 | not yet calculated | CVE-2022-35933 (CONFIRM, MISC) |
| pspp — pspp | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2022-09-05 | not yet calculated | CVE-2022-39832 (MISC) |
| pspp — pspp | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. | 2022-09-05 | not yet calculated | CVE-2022-39831 (MISC) |
| publiccms — publiccms | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | 2022-09-02 | not yet calculated | CVE-2021-27693 (MISC, MISC) |
| qualcomm — snapdragon | Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-25680 (CONFIRM) |
| qualcomm — snapdragon | Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-22069 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22096 (CONFIRM) |
| qualcomm — snapdragon | Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35122 (CONFIRM) |
| qualcomm — snapdragon | Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-09-02 | not yet calculated | CVE-2022-22080 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-22070 (CONFIRM) |
| qualcomm — snapdragon | Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22067 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22099 (CONFIRM) |
| qualcomm — snapdragon | An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-09-02 | not yet calculated | CVE-2022-22062 (CONFIRM) |
| qualcomm — snapdragon | Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22061 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22059 (CONFIRM) |
| qualcomm — snapdragon | Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35108 (CONFIRM) |
| qualcomm — snapdragon | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35097 (CONFIRM) |
| qualcomm — snapdragon | Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35132 (CONFIRM) |
| qualcomm — snapdragon | Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35133 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT | 2022-09-02 | not yet calculated | CVE-2022-22097 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22098 (CONFIRM) |
| qualcomm — snapdragon | A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35135 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25657 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25668 (CONFIRM) |
| qualcomm — snapdragon | Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35134 (CONFIRM) |
| qualcomm — snapdragon | Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22101 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22102 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25659 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22104 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22106 (CONFIRM) |
| qualcomm — snapdragon | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35113 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25658 (CONFIRM) |
| qualcomm — snapdragon | Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22100 (CONFIRM) |
| qualcomm — snapdragon | Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35109 (CONFIRM) |
| rosariosis — rosariosis | Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. | 2022-09-06 | not yet calculated | CVE-2022-2714 (CONFIRM, MISC) |
| samsung — mtower | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. | 2022-09-05 | not yet calculated | CVE-2022-39830 (MISC, MISC, MISC) |
| samsung — mtower | There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. | 2022-09-05 | not yet calculated | CVE-2022-39829 (MISC, MISC, MISC) |
| samsung — mtower | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. | 2022-09-05 | not yet calculated | CVE-2022-39828 (MISC, MISC, MISC) |
| snakeyaml — snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38749 (MISC, MISC) |
| snakeyaml — snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38750 (MISC, MISC) |
| snakeyaml — snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38751 (MISC, MISC) |
| snakeyaml — snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38752 (MISC, MISC) |
| sourcecodehero — sourcecodehero_erp_system_project | A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability. | 2022-09-04 | not yet calculated | CVE-2022-3118 (MISC, MISC) |
| sourcecodester — clinics_patient_management_system | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability. | 2022-09-05 | not yet calculated | CVE-2022-3122 (MISC, MISC) |
| sourcecodester — clinics_patient_management_system | A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847. | 2022-09-05 | not yet calculated | CVE-2022-3120 (MISC, MISC) |
| sourcecodester — clinic's_patient_management_system | Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | 2022-09-02 | not yet calculated | CVE-2022-36609 (MISC) |
| sourcecodester — expense_management_system | Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. | 2022-09-02 | not yet calculated | CVE-2022-36754 (MISC) |
| sourcecodester — online_employee_leave_management_system | A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. | 2022-09-05 | not yet calculated | CVE-2022-3121 |

MISC synapse — synapse

  Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. 2022-09-02 not yet calculated CVE-2022-31152

MISC

MISC

MISC

CONFIRM systematic_fix_adapter — systematic_fix_adapter Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. 2022-09-05 not yet calculated CVE-2022-39838

MISC

MISC

MISC telos_alliance — omnia_mpx_node

  A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. 2022-09-02 not yet calculated CVE-2022-36642

MISC

MISC

MISC

MISC tinygltf — tinygltf

  The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751 2022-09-05 not yet calculated CVE-2022-3008

CONFIRM

CONFIRM

CONFIRM

CONFIRM vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0360. 2022-09-03 not yet calculated CVE-2022-3099

CONFIRM

MISC wolfssl — wolfssl wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. 2022-09-02 not yet calculated CVE-2021-44718

MISC

MISC wordpress — wordpress The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. 2022-09-05 not yet calculated CVE-2022-2083

MISC

MISC wordpress — wordpress The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-09-05 not yet calculated CVE-2022-2271

MISC wordpress — wordpress The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users 2022-09-05 not yet calculated CVE-2022-2376

MISC wordpress — wordpress The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts 2022-09-05 not yet calculated CVE-2022-2543

MISC wordpress — wordpress The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins 2022-09-05 not yet calculated CVE-2022-2565

MISC wordpress — wordpress The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts 2022-09-05 not yet calculated CVE-2022-2597

MISC wordpress — wordpress The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF 2022-09-05 not yet calculated CVE-2022-2657

MISC wordpress — wordpress The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-09-05 not yet calculated CVE-2022-2775

MISC zyxel — nas326

  A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. 2022-09-06 not yet calculated CVE-2022-34747

CONFIRM
