Vulnerability Summary for the Week of October 3, 2022

Released
Oct 11, 2022
Document ID
SB22-284

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
actian -- psqlIf folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.2022-09-308.8CVE-2022-40756
MISC
MISC
apache -- airflowIn Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.2022-10-078.1CVE-2022-41672
CONFIRM
CONFIRM
apache -- commons_jxpathThose using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.2022-10-069.8CVE-2022-41852
MISC
arubanetworks -- instantThere are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.2022-10-069.8CVE-2022-37888
MISC
asus -- rt-ax56u_firmwareA stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.2022-10-068.8CVE-2021-40556
CONFIRM
MISC
autodesk -- autocadA maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.2022-10-037.8CVE-2022-33885
MISC
autodesk -- autocadA maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.2022-10-037.8CVE-2022-33886
MISC
autodesk -- autocadA maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.2022-10-037.8CVE-2022-33887
MISC
autodesk -- autocadA malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-10-037.8CVE-2022-33888
MISC
autodesk -- autocadParsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-10-037.5CVE-2022-33884
MISC
autodesk -- autodesk_desktopUnder certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.2022-10-039.8CVE-2022-33882
MISC
autodesk -- design_reviewA maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.2022-10-037.8CVE-2022-33889
MISC
autodesk -- design_reviewA maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-10-037.8CVE-2022-33890
MISC
autodesk -- moldflow_synergyA malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-10-037.8CVE-2022-33883
MISC
autodesk -- subassembly_composerA maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-10-037.8CVE-2022-41301
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux.2022-10-038.8CVE-2022-41428
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag.2022-10-038.8CVE-2022-41429
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux.2022-10-038.8CVE-2022-41430
MISC
backdropcms -- backdrop_cmsBackdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution.2022-10-077.2CVE-2022-42092
MISC
billing_system_project_project -- billing_system_projectBilling System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.2022-09-307.2CVE-2022-41437
MISC
billing_system_project_project -- billing_system_projectBilling System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.2022-09-307.2CVE-2022-41439
MISC
billing_system_project_project -- billing_system_projectBilling System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.2022-09-307.2CVE-2022-41440
MISC
bookingultrapro -- booking_ultra_pro_appointments_booking_calendarMultiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.2022-09-308.8CVE-2021-36854
CONFIRM
CONFIRM
bus_pass_management_system_project -- bus_pass_management_systemBus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..2022-09-309.8CVE-2022-35156
MISC
MISC
MISC
cisco -- ios_xeA vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-09-307.5CVE-2022-20847
CISCO
cisco -- ios_xeA vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-09-307.5CVE-2022-20848
CISCO
cisco -- ios_xeA vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition.2022-09-307.5CVE-2022-20856
CISCO
cisco -- ios_xeA vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.2022-09-307.5CVE-2022-20919
CISCO
cisco -- ios_xeA vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device.2022-09-307.2CVE-2022-20851
CISCO
cisco -- sd-wan_vbond_orchestratorMultiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.2022-09-307.8CVE-2022-20818
CISCO
cisco -- sd-wan_vmanageMultiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.2022-09-307.8CVE-2022-20775
CISCO
cisco -- sd-wan_vsmart_controllerA vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.2022-09-307.1CVE-2022-20850
CISCO
cloudflare -- goflowsflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.2022-09-307.5CVE-2022-2529
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function.2022-10-079.8CVE-2022-40824
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function.2022-10-079.8CVE-2022-40825
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function.2022-10-079.8CVE-2022-40826
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function.2022-10-079.8CVE-2022-40827
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function.2022-10-079.8CVE-2022-40828
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function.2022-10-079.8CVE-2022-40829
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function.2022-10-079.8CVE-2022-40830
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function.2022-10-079.8CVE-2022-40831
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function.2022-10-079.8CVE-2022-40832
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function.2022-10-079.8CVE-2022-40833
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function.2022-10-079.8CVE-2022-40834
MISC
codeigniter -- codeigniterB.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php.2022-10-079.8CVE-2022-40835
MISC
creativedream_file_uploader_project -- creativedream_file_uploaderArbitrary file upload vulnerability in php uploader2022-10-039.8CVE-2022-40721
MISC
MISC
MLIST
css-what_project -- css-whatThe package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.2022-09-307.5CVE-2022-21222
CONFIRM
CONFIRM
dairy_farm_shop_management_system_project -- dairy_farm_shop_management_systemDairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.2022-09-309.8CVE-2022-40943
MISC
MISC
dairy_farm_shop_management_system_project -- dairy_farm_shop_management_systemDairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.2022-09-309.8CVE-2022-40944
MISC
MISC
MISC
dedecms -- dedecmsDedeCMS 5.7.98 has a file upload vulnerability in the background.2022-10-037.2CVE-2022-40886
MISC
dell -- hybrid_clientDell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.2022-09-307.1CVE-2022-34429
MISC
fasterxml -- jackson-databindIn FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.2022-10-027.5CVE-2022-42003
MISC
MISC
MISC
fasterxml -- jackson-databindIn FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.2022-10-027.5CVE-2022-42004
MISC
MISC
MISC
flyte -- flyteadminFlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte Propeller even after turning on authentication via a hardcoded hashed password. This password is also set on the default Flyte Propeller configmap in the various Flyte Helm charts. Users who enable auth but do not override this setting in Flyte Admin’s configuration may unbeknownst to them be allowing public traffic in by way of this default password with attackers effectively impersonating propeller. This only applies to users who have not specified the ExternalAuthorizationServer setting. Usage of an external auth server automatically turns off this default configuration and are not susceptible to this vulnerability. This issue has been addressed in version 1.1.44. Users should manually set the staticClients in the selfAuthServer section of their configuration if they intend to rely on Admin’s internal auth server. Again, users who use an external auth server are automatically protected from this vulnerability.2022-10-067.5CVE-2022-39273
MISC
CONFIRM
MISC
generex -- cs141_firmwareGenerex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).2022-10-067.2CVE-2022-42457
MISC
MISC
MISC
google -- androidImproper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.2022-10-077.8CVE-2022-39854
MISC
gridea -- grideaGridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.2022-09-307.8CVE-2022-40274
MISC
MISC
hitachi -- storage_plug-inIncorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects: Hitachi Storage Plug-in for VMware vCenter 04.8.0.2022-10-068.8CVE-2022-2637
MISC
htmly -- htmlyDirectory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.2022-09-308.1CVE-2021-33354
MISC
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.2022-10-077.5CVE-2022-22480
XF
CONFIRM
ibm -- websphere_automation_for_ibm_cloud_pak_for_watson_aiopsIBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449.2022-10-078.8CVE-2022-22493
XF
CONFIRM
ikus-soft -- rdiffwebAllocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.2022-10-069.8CVE-2022-3273
MISC
CONFIRM
ikus-soft -- rdiffwebAllocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.2022-09-307.5CVE-2022-3371
CONFIRM
MISC
ikus-soft -- rdiffwebPath Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.2022-10-067.5CVE-2022-3389
CONFIRM
MISC
innovaphone -- innovaphone_firmwareAP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.2022-09-309.8CVE-2022-41870
MISC
joplinapp -- joplinJoplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.2022-09-307.8CVE-2022-40277
MISC
MISC
lighttpd -- lighttpdA resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.2022-10-067.5CVE-2022-41556
MISC
MISC
MISC
linuxfoundation -- dapr_dashboardDapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.2022-10-037.5CVE-2022-38817
MISC
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Elevation of Privilege Vulnerability.2022-10-038.8CVE-2022-41040
MISC
CERT-VN
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability.2022-10-038.8CVE-2022-41082
MISC
CERT-VN
mojoportal -- mojoportalmojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file.2022-09-308.8CVE-2022-40341
MISC
MISC
moodle -- moodleA remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.2022-09-309.8CVE-2022-40314
MISC
MISC
moodle -- moodleA limited SQL injection risk was identified in the "browse list of users" site administration page.2022-09-309.8CVE-2022-40315
MISC
MISC
moodle -- moodleEnabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.2022-10-068.8CVE-2022-2986
MISC
MISC
moodle -- moodleRecursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.2022-09-307.1CVE-2022-40313
MISC
MISC
mybb -- mybbMyBB is a free and open source forum software. The _Mail Settings_ ? Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.2022-10-067.2CVE-2022-39265
MISC
CONFIRM
MISC
MISC
najeebmedia -- frontend_file_managerThe Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE2022-10-038.8CVE-2022-3125
MISC
nedi -- nediIn certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=.2022-10-069.1CVE-2022-40895
MISC
MISC
MISC
octopus -- octopus_serverIn affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.2022-09-309.8CVE-2022-2778
MISC
omron -- cx-programmerOMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.2022-10-069.8CVE-2022-3396
CONFIRM
omron -- cx-programmerOMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.2022-10-069.8CVE-2022-3397
CONFIRM
omron -- cx-programmerOMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.2022-10-069.8CVE-2022-3398
CONFIRM
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemAn arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.2022-10-077.2CVE-2022-41512
MISC
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemOnline Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php.2022-10-077.2CVE-2022-41513
MISC
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemOnline Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=.2022-10-077.2CVE-2022-42073
MISC
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemOnline Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.2022-10-077.2CVE-2022-42074
MISC
online_leave_management_system_project -- online_leave_management_systemOnline Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.2022-10-067.2CVE-2022-41355
MISC
online_pet_shop_we_app_project -- online_pet_shop_we_appOnline Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.2022-10-077.2CVE-2022-41377
MISC
online_pet_shop_we_app_project -- online_pet_shop_we_appOnline Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory.2022-10-077.2CVE-2022-41378
MISC
open_source_sacco_management_system_project -- open_source_sacco_management_systemOpen Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan.2022-10-077.2CVE-2022-41514
MISC
open_source_sacco_management_system_project -- open_source_sacco_management_systemOpen Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment.2022-10-077.2CVE-2022-41515
MISC
orchest -- orchest### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io2022-09-308.1CVE-2022-39268
MISC
MISC
MISC
CONFIRM
phpipam -- phpipamphpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.2022-10-039.8CVE-2022-41443
MISC
pjsip -- pjsipPJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.2022-10-069.8CVE-2022-39244
MISC
CONFIRM
pjsip -- pjsipPJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.2022-10-069.1CVE-2022-39269
MISC
CONFIRM
pyup -- dependency_parserdparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.2022-10-067.5CVE-2022-39280
MISC
MISC
MISC
CONFIRM
realvnc -- vnc_serverRealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.2022-09-307.8CVE-2022-41975
MISC
samsung -- factorycameraPath traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.2022-10-077.8CVE-2022-39858
MISC
semtech -- loramac-nodeLoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`.2022-10-069.8CVE-2022-39274
MISC
MISC
CONFIRM
simple_cold_storage_management_system_project -- simple_cold_storage_management_systemSimple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.2022-10-067.2CVE-2022-42241
MISC
simple_cold_storage_management_system_project -- simple_cold_storage_management_systemSimple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking.2022-10-067.2CVE-2022-42242
MISC
simple_cold_storage_management_system_project -- simple_cold_storage_management_systemSimple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=.2022-10-067.2CVE-2022-42243
MISC
simple_cold_storage_management_system_project -- simple_cold_storage_management_systemSimple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=.2022-10-067.2CVE-2022-42249
MISC
simple_cold_storage_management_system_project -- simple_cold_storage_management_systemSimple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=.2022-10-067.2CVE-2022-42250
MISC
simple_e-learning_system_project -- simple_e-learning_systemAn SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode.2022-10-079.8CVE-2022-40872
MISC
snyk -- cliSnyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957.2022-10-037.8CVE-2022-40764
MISC
MISC
MISC
MISC
solarwinds -- orion_platformA vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.2022-09-308.8CVE-2022-36961
MISC
MISC
sonicjs -- sonicjsSonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.2022-10-019.1CVE-2022-42002
MISC
MISC
swmansion -- react_native_reanimatedThe package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.2022-09-307.5CVE-2022-24373
CONFIRM
CONFIRM
CONFIRM
CONFIRM
sylabs -- singularity_image_formatsyslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.2022-10-069.8CVE-2022-39237
CONFIRM
MISC
tooljet -- tooljetAccount Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass2022-10-077.5CVE-2022-3422
CONFIRM
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.2022-10-039.8CVE-2022-42302
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.2022-10-039.8CVE-2022-42303
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.2022-10-039.8CVE-2022-42304
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.2022-10-039.8CVE-2022-42307
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.2022-10-038.8CVE-2022-42301
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.2022-10-037.5CVE-2022-42299
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.2022-10-037.5CVE-2022-42305
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.2022-10-037.1CVE-2022-42308
MISC
vmware -- rabbitmqRabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.2022-10-067.5CVE-2022-31008
MISC
CONFIRM
web-based_student_clearance_system_project -- web-based_student_clearance_systemA vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210246 is the identifier assigned to this vulnerability.2022-10-079.8CVE-2022-3414
N/A
N/A

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-305.4CVE-2022-28851
MISC
apache -- commons_jxpathThose using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-10-066.5CVE-2022-40157
MISC
apache -- commons_jxpathThose using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-10-066.5CVE-2022-40158
MISC
apache -- commons_jxpathThose using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-10-066.5CVE-2022-40159
MISC
apache -- commons_jxpathThose using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-10-066.5CVE-2022-40160
MISC
apache -- commons_jxpathThose using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-10-066.5CVE-2022-40161
MISC
avaya -- aura_application_enablement_servicesA vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.2022-10-066.7CVE-2022-2975
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.2022-10-036.5CVE-2022-41419
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component.2022-10-036.5CVE-2022-41423
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls.2022-10-036.5CVE-2022-41424
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt.2022-10-036.5CVE-2022-41425
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split.2022-10-036.5CVE-2022-41426
MISC
axiosys -- bento4Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.2022-10-036.5CVE-2022-41427
MISC
axiosys -- bento4An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.2022-09-305.5CVE-2022-41841
MISC
axiosys -- bento4An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.2022-09-305.5CVE-2022-41845
MISC
MISC
axiosys -- bento4An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.2022-09-305.5CVE-2022-41846
MISC
MISC
axiosys -- bento4An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.2022-09-305.5CVE-2022-41847
MISC
MISC
MISC
beckmancoulter -- remisol_advanceThe default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.2022-10-065.5CVE-2022-26237
MISC
MISC
beckmancoulter -- remisol_advanceThe default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.2022-10-065.5CVE-2022-26239
MISC
MISC
bookingultrapro -- booking_ultra_pro_appointments_booking_calendarCross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.2022-09-306.1CVE-2021-36855
CONFIRM
CONFIRM
bosch -- bosch_video_management_systemInformation Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.2022-09-305.9CVE-2022-32540
CONFIRM
bus_pass_management_system_project -- bus_pass_management_systemBus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.2022-09-306.1CVE-2022-35155
MISC
MISC
MISC
canon -- medical_vitrea_viewMultiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.2022-09-306.1CVE-2022-37461
MISC
MISC
CONFIRM
centreon -- centreonA cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.2022-10-065.4CVE-2022-39988
MISC
cisco -- aironet_1542d_firmwareA vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.2022-09-304.7CVE-2022-20728
CISCO
cisco -- catalyst_9800-l_firmwareA vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition.2022-09-306.5CVE-2022-20945
CISCO
cisco -- duoA vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user.2022-09-306.8CVE-2022-20662
CISCO
cisco -- ios_xeA vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.2022-09-306.7CVE-2022-20855
CISCO
cisco -- ios_xeA vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.2022-09-306.5CVE-2022-20810
CISCO
cisco -- sd-wanA vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.2022-09-305.3CVE-2022-20844
CISCO
cisco -- sd-wan_vmanageA vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.2022-09-306.7CVE-2022-20930
CISCO
cisco -- wireless_lan_controller_softwareA vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.2022-09-306.5CVE-2022-20769
CISCO
comment_guestbook_project -- comment_guestbookAuthenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.2022-09-304.8CVE-2021-36830
CONFIRM
CONFIRM
discourse -- discotocDiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on the `main` branch. Admins can update the theme component through the admin UI (Customize -> Themes -> Components -> DiscoTOC -> Check for Updates). Alternatively, admins can temporarily disable the DiscoTOC theme component.2022-10-065.4CVE-2022-39270
MISC
CONFIRM
dnnsoftware -- dotnetnukeRelative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.2022-09-304.9CVE-2022-2922
MISC
CONFIRM
donation_thermometer_project -- donation_thermometerThe Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-10-034.8CVE-2022-3128
MISC
dsgvo-for-wp -- dsgvo_all_in_one_for_wpThe DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-10-034.8CVE-2022-2628
MISC
goolytics_project -- goolyticsThe Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-10-034.8CVE-2022-3132
MISC
heartex -- label_studioA Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.2022-10-036.5CVE-2022-36551
MISC
MISC
MISC
ibm -- cics_txIBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437.2022-10-075.5CVE-2022-34308
CONFIRM
XF
CONFIRM
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user.2022-10-076.5CVE-2022-36772
XF
CONFIRM
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.2022-10-076.5CVE-2022-41291
XF
CONFIRM
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.2022-10-075.5CVE-2022-30613
XF
CONFIRM
ibm -- robotic_process_automationIBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807.2022-10-066.5CVE-2022-41294
XF
CONFIRM
ibm -- robotic_process_automationIBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.2022-10-066.1CVE-2022-22503
XF
CONFIRM
ibm -- robotic_process_automationIBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.2022-10-065.3CVE-2022-36774
XF
CONFIRM
ibm -- robotic_process_automation_for_cloud_pakIBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291.2022-10-066.1CVE-2022-38709
XF
CONFIRM
lief-project -- liefA vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.2022-10-036.5CVE-2022-40922
MISC
lief-project -- liefA vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.2022-09-306.5CVE-2022-40923
MISC
linux -- linux_kernelroccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.2022-09-304.7CVE-2022-41850
MISC
linux -- linux_kerneldrivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.2022-09-304.2CVE-2022-41848
MISC
MISC
linux -- linux_kerneldrivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.2022-09-304.2CVE-2022-41849
MISC
linuxfoundation -- dexDex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.2022-10-066.5CVE-2022-39222
CONFIRM
MISC
mojoportal -- mojoportalmojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.2022-10-036.5CVE-2022-40123
MISC
MISC
moodle -- moodleThe H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.2022-09-304.3CVE-2022-40316
MISC
MISC
najeebmedia -- frontend_file_managerThe Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server2022-10-035.3CVE-2022-3124
MISC
nasm -- netwide_assemblernasm v2.16 was discovered to contain a stack overflow in the Ndisasm component2022-10-035.5CVE-2022-41420
MISC
octopus -- octopus_serverIn affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.2022-10-065.3CVE-2022-2781
MISC
octopus -- octopus_serverIn affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token2022-10-065.3CVE-2022-2783
MISC
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemTwo cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.2022-10-076.1CVE-2020-15855
MISC
orchardcore -- orchardcoreIn OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.2022-10-035.4CVE-2022-32173
MISC
MISC
pfsense -- pfsensepfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.2022-10-036.1CVE-2022-42247
MISC
MISC
pingidentity -- pingcentralPingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.2022-09-304.9CVE-2022-23726
MISC
CONFIRM
pulsesecure -- pulse_connect_securePulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.2022-09-305.4CVE-2022-21826
MISC
pyup -- dependency_parserSaleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue.2022-10-064.3CVE-2022-39275
CONFIRM
MISC
quizandsurveymaster -- quiz_and_survey_masterInsecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.2022-09-304.3CVE-2021-36865
CONFIRM
CONFIRM
samsung -- factorycamerafbImproper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.2022-10-075.5CVE-2022-39857
MISC
samsung -- group_sharingImproper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.2022-10-075.3CVE-2022-39877
MISC
samsung -- internetImproper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.2022-10-074.6CVE-2022-39873
MISC
solarwinds -- solarwinds_platformInsufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).2022-09-306.1CVE-2022-36965
CONFIRM
CONFIRM
spacexchimp -- social_media_follow_buttons_barAuthenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.2022-09-304.8CVE-2021-36839
CONFIRM
CONFIRM
spsoftmobile -- applockAppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.2022-09-306.6CVE-2022-1959
MISC
MISC
suse -- linux_enterprise_serverA Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.2022-10-064.4CVE-2022-31252
CONFIRM
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)2022-10-036.5CVE-2022-42300
MISC
veritas -- netbackupAn issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.2022-10-035.5CVE-2022-42306
MISC
wp_socializer_project -- wp_socializerThe WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-10-034.8CVE-2022-2763
MISC
xgenecloud -- nocodbDenial of Service in GitHub repository nocodb/nocodb prior to 0.92.0.2022-10-076.5CVE-2022-3423
CONFIRM
MISC
xpdfreader -- xpdfAn issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.2022-09-305.5CVE-2022-41842
MISC
MISC
xpdfreader -- xpdfAn issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.2022-09-305.5CVE-2022-41843
MISC
MISC
xpdfreader -- xpdfAn issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.2022-09-305.5CVE-2022-41844
MISC
MISC
MISC
yetiforce -- yetiforce_customer_relationship_managementCross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.2022-10-065.4CVE-2022-3002
MISC
CONFIRM
zephyr-one -- zephyr_project_managerThe Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.2022-10-035.4CVE-2022-2839
MISC
zinclabs -- zincIn Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials.2022-10-065.4CVE-2022-32171
MISC
MISC
zinclabs -- zincIn Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.2022-10-065.4CVE-2022-32172
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
dell -- hybrid_clientDell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.2022-09-302.7CVE-2022-34428
MISC
google -- androidExposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.2022-10-073.3CVE-2022-39848
MISC
google -- androidImproper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.2022-10-073.3CVE-2022-39849
MISC
google -- androidImproper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.2022-10-073.3CVE-2022-39850
MISC
google -- androidImproper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information.2022-10-073.3CVE-2022-39856
MISC
samsung -- uphelper_libraryImplicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.2022-10-073.3CVE-2022-39859
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aruba -- multiple_productsThere are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.2022-10-07not yet calculatedCVE-2022-37885
MISC
aruba -- multiple_productsAn unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.2022-10-07not yet calculatedCVE-2022-37894
MISC
aruba -- multiple_productsAn unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.2022-10-07not yet calculatedCVE-2022-37895
MISC
aruba -- multiple_productsA vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.2022-10-07not yet calculatedCVE-2022-37896
MISC
aruba -- multiple_products
 
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.2022-10-07not yet calculatedCVE-2022-37886
MISC
aruba -- multiple_products
 
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.2022-10-07not yet calculatedCVE-2022-37887
MISC
aruba -- multiple_products
 
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.2022-10-07not yet calculatedCVE-2022-37889
MISC
aruba -- multiple_products
 
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.2022-10-07not yet calculatedCVE-2022-37890
MISC
aruba -- multiple_products
 
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.2022-10-07not yet calculatedCVE-2022-37891
MISC
aruba -- multiple_products
 
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.2022-10-07not yet calculatedCVE-2022-37892
MISC
aruba -- multiple_products
 
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.2022-10-07not yet calculatedCVE-2022-37893
MISC
autodesk -- image_processingA maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.2022-10-07not yet calculatedCVE-2021-40162
MISC
autodesk -- image_processingA Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.2022-10-07not yet calculatedCVE-2021-40163
MISC
autodesk -- image_processingA heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.2022-10-07not yet calculatedCVE-2021-40164
MISC
autodesk -- image_processingA maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.2022-10-07not yet calculatedCVE-2021-40165
MISC
autodesk -- image_processingA maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.2022-10-07not yet calculatedCVE-2021-40166
MISC
beckman_coulter -- remisol_advanceA vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.2022-10-06not yet calculatedCVE-2022-26235
MISC
MISC
beckman_coulter -- remisol_advanceThe default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.2022-10-06not yet calculatedCVE-2022-26236
MISC
MISC
beckman_coulter -- remisol_advanceThe default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.2022-10-06not yet calculatedCVE-2022-26238
MISC
MISC
beckman_coulter -- remisol_advanceThe default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.2022-10-06not yet calculatedCVE-2022-26240
MISC
MISC
codeigniter -- codeigniter
 
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA.2022-10-06not yet calculatedCVE-2022-39284
MISC
MISC
CONFIRM
MISC
MISC
MISC
discourse -- discourse-chat
 
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue.2022-10-06not yet calculatedCVE-2022-39279
CONFIRM
MISC
facebook -- hermesIt was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0.2022-10-06not yet calculatedCVE-2022-27810
CONFIRM
fat_free_crm -- fat_free_crm
 
fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue.2022-10-08not yet calculatedCVE-2022-39281
MISC
MISC
CONFIRM

gradle_enterprise -- gradle_enterprise

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2.2022-10-07not yet calculatedCVE-2022-41574
MISC
MISC
hancom -- office_2020
 
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.2022-10-07not yet calculatedCVE-2022-33896
MISC

hsqldb -- hsqldb

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.2022-10-06not yet calculatedCVE-2022-41853
MISC
MISC
ikus060 -- rdiffweb
 
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.2022-10-06not yet calculatedCVE-2022-3376
MISC
CONFIRM
internet_systems_consortium -- dhcp
 
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.2022-10-07not yet calculatedCVE-2022-2928
CONFIRM
internet_systems_consortium -- dhcp
 
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.2022-10-07not yet calculatedCVE-2022-2929
CONFIRM
johnson_controls -- metasys_adx_server
 
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.2022-10-07not yet calculatedCVE-2022-21936
CERT
CONFIRM

liferay -- liferay_portal

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.2022-10-07not yet calculatedCVE-2022-41414
MISC
linux -- kernelA vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.2022-10-08not yet calculatedCVE-2022-3435
N/A
N/A
mediatek -- cpu_dvfsIn cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405.2022-10-07not yet calculatedCVE-2022-32592
MISC
mediatek -- imsIn ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095.2022-10-07not yet calculatedCVE-2022-26472
MISC
mediatek -- ispIn isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305.2022-10-07not yet calculatedCVE-2022-26452
MISC
mediatek -- ril
 
In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259.2022-10-07not yet calculatedCVE-2022-32591
MISC
mediatek -- sensorhubIn sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717.2022-10-07not yet calculatedCVE-2022-26474
MISC
mediatek -- telephonyIn telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121.2022-10-07not yet calculatedCVE-2022-26471
MISC
mediatek -- vdec_fmtIn vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197.2022-10-07not yet calculatedCVE-2022-26473
MISC
mediatek -- vowe
 
In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493.2022-10-07not yet calculatedCVE-2022-32593
MISC
mediatek -- wi-fi_driver
 
In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600.2022-10-07not yet calculatedCVE-2022-32589
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743.2022-10-07not yet calculatedCVE-2022-26475
MISC
mediatek -- wlan
 
In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425.2022-10-07not yet calculatedCVE-2022-32590
MISC
nps -- npsNPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.2022-10-06not yet calculatedCVE-2022-40494
MISC
MISC

online_leave_management_system -- online_leave_management_system

An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.2022-10-07not yet calculatedCVE-2022-41379
MISC

panini -- panini_everest_engine 

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.2022-10-07not yet calculatedCVE-2022-39959
MISC
MISC
perforce -- puppetCommand injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.2022-10-07not yet calculatedCVE-2022-3276
MISC
perforce -- puppet
 
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.2022-10-07not yet calculatedCVE-2022-3275
MISC
picuploader -- picuploaderPicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php.2022-10-07not yet calculatedCVE-2022-41442
MISC
MISC
samsung -- cocktailbarserviceImproper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission.2022-10-07not yet calculatedCVE-2022-39851
MISC

samsung -- dynamic_lockscreen

Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.2022-10-07not yet calculatedCVE-2022-39862
MISC
samsung -- facmImproper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.2022-10-07not yet calculatedCVE-2022-39855
MISC

samsung -- factorycamera

Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.2022-10-07not yet calculatedCVE-2022-39861
MISC
samsung -- libagifencoder.quram.so_libraryA heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.2022-10-07not yet calculatedCVE-2022-39852
MISC
samsung -- mobileUse after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.2022-10-07not yet calculatedCVE-2022-39847
MISC
samsung -- mousenkeyhiddeviceImproper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.2022-10-07not yet calculatedCVE-2022-36868
MISC
samsung -- perf-mgr_driverA use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.2022-10-07not yet calculatedCVE-2022-39853
MISC
samsung -- quickshareImproper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.2022-10-07not yet calculatedCVE-2022-39860
MISC
samsung -- samsung_accountIntent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.2022-10-07not yet calculatedCVE-2022-39863
MISC

samsung -- samsung_account

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.2022-10-07not yet calculatedCVE-2022-39874
MISC

samsung -- samsung_account

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.2022-10-07not yet calculatedCVE-2022-39875
MISC
samsung -- samsung_checkoutImproper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.2022-10-07not yet calculatedCVE-2022-39878
MISC

samsung -- sharelive

Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.2022-10-07not yet calculatedCVE-2022-39872
MISC

samsung -- smartthings

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.2022-10-07not yet calculatedCVE-2022-39864
MISC

samsung -- smartthings

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.2022-10-07not yet calculatedCVE-2022-39865
MISC

samsung -- smartthings

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.2022-10-07not yet calculatedCVE-2022-39866
MISC

samsung -- smartthings

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.2022-10-07not yet calculatedCVE-2022-39867
MISC

samsung -- smartthings

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.2022-10-07not yet calculatedCVE-2022-39868
MISC

samsung -- smartthings

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.2022-10-07not yet calculatedCVE-2022-39869
MISC

samsung -- smartthings

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.2022-10-07not yet calculatedCVE-2022-39870
MISC

samsung -- smartthings

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.2022-10-07not yet calculatedCVE-2022-39871
MISC
samsung -- sreminderInsertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.2022-10-07not yet calculatedCVE-2022-39876
MISC
sourcecodester -- student_clearance_system
 
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356.2022-10-08not yet calculatedCVE-2022-3434
N/A
N/A
tiny-csrf -- tiny-csrf
 
tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.2022-10-07not yet calculatedCVE-2022-39287
CONFIRM
MISC
totaljs -- totaljsA cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.2022-10-07not yet calculatedCVE-2022-41392
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function2022-10-06not yet calculatedCVE-2022-41517
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.2022-10-06not yet calculatedCVE-2022-41518
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function.2022-10-06not yet calculatedCVE-2022-41520
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function.2022-10-06not yet calculatedCVE-2022-41521
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function.2022-10-06not yet calculatedCVE-2022-41522
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function.2022-10-06not yet calculatedCVE-2022-41523
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function.2022-10-06not yet calculatedCVE-2022-41524
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.2022-10-06not yet calculatedCVE-2022-41525
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function.2022-10-06not yet calculatedCVE-2022-41526
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function.2022-10-06not yet calculatedCVE-2022-41527
MISC

totolink -- totolink

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.2022-10-06not yet calculatedCVE-2022-41528
MISC
vmware -- multiple_products
 
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.2022-10-07not yet calculatedCVE-2022-31680
MISC
MISC
vmware -- multiple_products
 
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.2022-10-07not yet calculatedCVE-2022-31681
MISC
wedding_planner -- wedding_plannerWedding Planner v1.0 is vulnerable to has arbitrary code execution.2022-10-07not yet calculatedCVE-2022-42075
MISC
zkteco -- zkbiosecurityAn access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.2022-10-07not yet calculatedCVE-2022-36634
MISC
MISC
MISC
zkteco -- zkbiosecurityZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.2022-10-07not yet calculatedCVE-2022-36635
MISC
MISC
MISC
zoneminder -- zoneminderZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.2022-10-07not yet calculatedCVE-2022-39290
CONFIRM
MISC
zoneminder -- zoneminder
 
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.2022-10-07not yet calculatedCVE-2022-39285
MISC
MISC
CONFIRM
zoneminder -- zoneminder
 
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.2022-10-07not yet calculatedCVE-2022-39289
MISC
CONFIRM
zoneminder -- zoneminder
 
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.2022-10-07not yet calculatedCVE-2022-39291
MISC
MISC
MISC
CONFIRM
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.