Vulnerability Summary for the Week of November 7, 2022

Released
Nov 14, 2022
Document ID
SB22-318

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accusoft -- imagegearAn out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.2022-11-097.8CVE-2022-32588
MISC
acronis -- cyber_protect_home_officeLocal privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.2022-11-077.8CVE-2022-44732
MISC
acronis -- cyber_protect_home_officeLocal privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.2022-11-077.8CVE-2022-44733
MISC
acronis -- cyber_protect_home_officeLocal privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.2022-11-077.8CVE-2022-44747
MISC
acronis -- cyber_protect_home_officeLocal privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.2022-11-077.3CVE-2022-44744
MISC
activity_log_project -- activity_logCSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.2022-11-089.8CVE-2022-27858
CONFIRM
CONFIRM
addify -- role_based_pricing_for_woocommerceThe Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog2022-11-078.8CVE-2022-3536
CONFIRM
addify -- role_based_pricing_for_woocommerceThe Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP2022-11-078.8CVE-2022-3537
CONFIRM
analytify -- analytify_-_google_analytics_dashboardCross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress.2022-11-088.8CVE-2022-38137
CONFIRM
CONFIRM
apache -- commons_bcelApache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.2022-11-079.8CVE-2022-42920
MISC
MLIST
apache -- ivyWith Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1.2022-11-079.1CVE-2022-37865
CONFIRM
apache -- ivyWhen Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.2022-11-077.5CVE-2022-37866
MISC
apache -- pulsarThe Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow 'issuer url'. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions.2022-11-048.1CVE-2022-33684
MISC
arm -- valhall_gpu_kernel_driverAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0.2022-11-088.8CVE-2022-41757
MISC
azure -- cyclecloudAzure CycleCloud Elevation of Privilege Vulnerability.2022-11-097.5CVE-2022-41085
MISC
azure -- rtos_guix_studioAzure RTOS GUIX Studio Remote Code Execution Vulnerability.2022-11-097.8CVE-2022-41051
MISC
badgermeter -- moni\In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module.2022-11-077.5CVE-2020-12509
MISC
bd -- totalys_multiprocessor_firmwareBD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.2022-11-047.8CVE-2022-40263
CONFIRM
canteen_management_system_project -- canteen_management_systemCanteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.2022-11-077.2CVE-2022-43049
MISC
canteen_management_system_project -- canteen_management_systemCanteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-11-097.2CVE-2022-43277
MISC
canteen_management_system_project -- canteen_management_systemCanteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php.2022-11-097.2CVE-2022-43278
MISC
canteen_management_system_project -- canteen_management_systemCanteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php.2022-11-097.2CVE-2022-43290
MISC
canteen_management_system_project -- canteen_management_systemCanteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php.2022-11-097.2CVE-2022-43291
MISC
canteen_management_system_project -- canteen_management_systemCanteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php.2022-11-097.2CVE-2022-43292
MISC
cisco -- asyncosA vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.2022-11-048.8CVE-2022-20868
MISC
cisco -- broadworks_commpilot_applicationA vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]2022-11-048.8CVE-2022-20958
MISC
cisco -- email_security_applianceA vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated.2022-11-047.5CVE-2022-20960
MISC
cisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"]2022-11-048.8CVE-2022-20956
MISC
cisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.2022-11-048.8CVE-2022-20961
MISC
cisco -- identity_services_engineA vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges.2022-11-048.8CVE-2022-20962
MISC
citrix -- gatewayUnauthorized access to Gateway user capabilities2022-11-089.8CVE-2022-27510
MISC
citrix -- gatewayUser login brute force protection functionality bypass2022-11-089.8CVE-2022-27516
MISC
citrix -- gatewayRemote desktop takeover via phishing2022-11-089.6CVE-2022-27513
MISC
codection -- import_and_export_users_and_customersThe Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.2022-11-078CVE-2022-3558
CONFIRM
CONFIRM
dedecms -- dedecmsDedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.2022-11-098.8CVE-2022-43031
MISC
MISC
democritus -- d8s-datesThe d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-44052
MISC
MISC
MISC
democritus -- d8s-networkingThe d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-44050
MISC
MISC
MISC
democritus -- d8s-networkingThe d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-44053
MISC
MISC
MISC
democritus -- d8s-pythonThe d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-43305
MISC
MISC
MISC
democritus -- d8s-pythonThe d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-44049
MISC
MISC
MISC
democritus -- d8s-statsThe d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-44051
MISC
MISC
MISC
democritus -- d8s-stringsThe d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-43303
MISC
MISC
MISC
democritus -- d8s-timerThe d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-43304
MISC
MISC
MISC
democritus -- d8s-timerThe d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.2022-11-078.8CVE-2022-43306
MISC
MISC
MISC
democritus -- d8s-urlsThe d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-44048
MISC
MISC
MISC
democritus -- d8s-xmlThe d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0.2022-11-079.8CVE-2022-44054
MISC
MISC
MISC
fastify -- websocket@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.2022-11-087.5CVE-2022-39386
CONFIRM
flowring -- agentflow_bpm
 
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.2022-11-109.8CVE-2022-39036
MISC
MISC
flowring -- agentflow_bpm
 
Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.2022-11-107.5CVE-2022-39037
MISC
MISC
fluentforms -- contact_formThe Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection2022-11-079.8CVE-2022-3463
CONFIRM
food_ordering_management_system_project -- food_ordering_management_systemFood Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.2022-11-077.2CVE-2022-42990
MISC
getshortcodes -- shortcodes_ultimateCross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.2022-11-088.8CVE-2022-41136
CONFIRM
CONFIRM
gifdec_project -- gifdecGifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file.2022-11-077.8CVE-2022-43359
MISC
gitlab -- gitlabLack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.2022-11-109CVE-2022-3726
MISC
CONFIRM
MISC
gitlab -- gitlabBypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab2022-11-097.5CVE-2022-3285
CONFIRM
MISC
google -- androidIn MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2438252002022-11-087.8CVE-2021-1050
MISC
google -- androidIn _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2468247842022-11-087.8CVE-2021-39661
MISC
google -- androidIn navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2386056112022-11-087.8CVE-2022-20441
MISC
google -- androidIn restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2100658772022-11-087.8CVE-2022-20450
MISC
google -- androidIn onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2350988832022-11-087.8CVE-2022-20451
MISC
google -- androidIn initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2401383182022-11-087.8CVE-2022-20452
MISC
google -- androidIn phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2303561962022-11-087.8CVE-2022-20462
MISC
google -- androidIn telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132.2022-11-087.8CVE-2022-32601
MISC
google -- androidImproper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.2022-11-097.8CVE-2022-39880
MISC
google -- androidHeap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code.2022-11-097.8CVE-2022-39882
MISC
google -- androidImproper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API.2022-11-097.8CVE-2022-39883
MISC
google -- androidIn process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2258765062022-11-087.5CVE-2022-20445
MISC
google -- chromeHeap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)2022-11-099.6CVE-2022-3890
MISC
MISC
google -- chromeUse after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3445
MISC
MISC
google -- chromeHeap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3446
MISC
MISC
google -- chromeUse after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3448
MISC
MISC
google -- chromeUse after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)2022-11-098.8CVE-2022-3449
MISC
MISC
google -- chromeUse after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3450
MISC
MISC
google -- chromeUse after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3885
MISC
MISC
google -- chromeUse after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3886
MISC
MISC
google -- chromeUse after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3887
MISC
MISC
google -- chromeUse after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3888
MISC
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-098.8CVE-2022-3889
MISC
MISC
grafana -- grafanaGrafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.2022-11-088.1CVE-2022-39328
CONFIRM
hcltech -- dominoHCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.2022-11-048.8CVE-2022-38660
MISC
html2xhtml_project -- html2xhtmlhtml2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file.2022-11-088.1CVE-2022-44311
MISC
huawei -- emuiThe system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.2022-11-099.8CVE-2022-44562
MISC
MISC
huawei -- emuiMissing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.2022-11-087.5CVE-2022-44556
MISC
huawei -- harmonyosThe DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.2022-11-099.8CVE-2021-46851
MISC
MISC
huawei -- harmonyosThe memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.2022-11-097.5CVE-2021-46852
MISC
MISC
huawei -- harmonyosThe kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.2022-11-097.5CVE-2022-44546
MISC
MISC
huawei -- harmonyosThe Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.2022-11-097.5CVE-2022-44547
MISC
MISC
huawei -- harmonyosThe LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.2022-11-097.5CVE-2022-44549
MISC
MISC
huawei -- harmonyosThe graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.2022-11-097.5CVE-2022-44550
MISC
MISC
human_resource_management_system_project -- human_resource_management_systemHuman Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.2022-11-078.8CVE-2022-43318
MISC
inhandnetworks -- ir302_firmwareA leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.2022-11-098.8CVE-2022-28689
MISC
CONFIRM
inhandnetworks -- ir302_firmwareA leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.2022-11-098.8CVE-2022-30543
CONFIRM
MISC
inhandnetworks -- ir302_firmwareA leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.2022-11-098.1CVE-2022-29888
MISC
CONFIRM
jhead_project -- jheadjhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.2022-11-047.8CVE-2021-34055
MISC
linux -- linux_kernelThe Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H2022-11-047.5CVE-2022-43945
MISC
mahara -- maharaMahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.2022-11-069.8CVE-2022-44544
MISC
MISC
mahara -- maharaIn Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.2022-11-067.5CVE-2022-42707
MISC
MISC
maxonerp -- maxonA vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.2022-11-079.8CVE-2022-3878
MISC
MISC
mediatek -- lr12aIn Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118.2022-11-087.5CVE-2022-26446
MISC
mendix -- samlA vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.2022-11-089.8CVE-2022-44457
MISC
microsoft -- azure_iot_edge_for_linuxWindows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.2022-11-097CVE-2022-38014
MISC
microsoft -- azure_rtos_filexAzure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA.2022-11-087.8CVE-2022-39343
CONFIRM
MISC
microsoft -- azure_rtos_usbxAzure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states.2022-11-049.8CVE-2022-39344
CONFIRM
microsoft -- dwm_core_libraryMicrosoft DWM Core Library Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41096
MISC
microsoft -- excelMicrosoft Excel Security Feature Bypass Vulnerability.2022-11-097.8CVE-2022-41104
MISC
microsoft -- excelMicrosoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41063.2022-11-097.8CVE-2022-41106
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.2022-11-099.8CVE-2022-41080
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080.2022-11-097.8CVE-2022-41123
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079.2022-11-097.5CVE-2022-41078
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078.2022-11-097.5CVE-2022-41079
MISC
microsoft -- microsoft_excelMicrosoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41106.2022-11-097.8CVE-2022-41063
MISC
microsoft -- microsoft_wodMicrosoft Word Remote Code Execution Vulnerability.2022-11-097.8CVE-2022-41061
MISC
microsoft -- officeMicrosoft Office Graphics Remote Code Execution Vulnerability.2022-11-097.8CVE-2022-41107
MISC
microsoft -- sharepoint
 
Microsoft SharePoint Server Remote Code Execution Vulnerability.2022-11-098.8CVE-2022-41062
MISC
microsoft -- visual_studio_2017Visual Studio Remote Code Execution Vulnerability.2022-11-097.8CVE-2022-41119
MISC
microsoft -- windows_server_2008Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41048.2022-11-098.8CVE-2022-41047
MISC
microsoft -- windows_server_2008Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047.2022-11-098.8CVE-2022-41048
MISC
microsoft -- windows_server_2008Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.2022-11-098.8CVE-2022-41128
MISC
microsoft -- windows_server_2008Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.2022-11-098.1CVE-2022-37966
MISC
microsoft -- windows_server_2008Netlogon RPC Elevation of Privilege Vulnerability.2022-11-098.1CVE-2022-38023
MISC
microsoft -- windows_server_2008Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088.2022-11-098.1CVE-2022-41039
MISC
microsoft -- windows_server_2008Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41088.2022-11-098.1CVE-2022-41044
MISC
microsoft -- windows_server_2008Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41086.2022-11-097.8CVE-2022-37992
MISC
microsoft -- windows_server_2008Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100.2022-11-097.8CVE-2022-41045
MISC
microsoft -- windows_server_2008Windows HTTP.sys Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41057
MISC
microsoft -- windows_server_2008Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability.2022-11-097.5CVE-2022-41056
MISC
microsoft -- windows_server_2008Windows Network Address Translation (NAT) Denial of Service Vulnerability.2022-11-097.5CVE-2022-41058
MISC
microsoft -- windows_server_2008Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128.2022-11-097.5CVE-2022-41118
MISC
microsoft -- windows_server_2008Windows Kerberos Elevation of Privilege Vulnerability.2022-11-097.2CVE-2022-37967
MISC
microsoft -- windows_server_2012Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41125
MISC
microsoft -- windows_sysmonMicrosoft Windows Sysmon Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41120
MISC
n-prolog_project -- n-prologN-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c.2022-11-087.5CVE-2022-43343
MISC
nec -- expresscluster_x_singleserversafePath traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.2022-11-089.8CVE-2022-34822
MISC
nec -- expresscluster_x_singleserversafeBuffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.2022-11-089.8CVE-2022-34823
MISC
nec -- expresscluster_x_singleserversafeWeak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.2022-11-089.8CVE-2022-34824
MISC
nec -- expresscluster_x_singleserversafeUncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.2022-11-089.8CVE-2022-34825
MISC
netwrix -- auditorRemote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.2022-11-089.8CVE-2022-31199
MISC
objectfirst -- object_firstAn issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in 1.0.13.1611.2022-11-079.8CVE-2022-44796
MISC
objectfirst -- object_firstAn issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.2022-11-078.8CVE-2022-44794
MISC
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemOnline Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.2022-11-099.8CVE-2022-43058
MISC
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemOnline Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test.2022-11-077.2CVE-2022-43051
MISC
online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_systemOnline Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete.2022-11-077.2CVE-2022-43052
MISC
online_tours_and_travels_management_system_project -- online_tours_and_travels_management_systemOnline Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-11-077.2CVE-2022-43050
MISC
openfga -- openfgaOpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation.2022-11-089.8CVE-2022-39352
CONFIRM
opensuse -- openldap2A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.2022-11-097.8CVE-2022-31253
CONFIRM
opmc -- woocommerce_dropshippingThe WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection2022-11-079.8CVE-2022-3481
CONFIRM
parseplatform -- parse-serverParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds.2022-11-109.8CVE-2022-39396
CONFIRM
passwork -- passworkThe PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.2022-11-077.5CVE-2022-42955
MISC
MISC
passwork -- passworkThe PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.2022-11-077.5CVE-2022-42956
MISC
MISC
pattersondental -- eaglesoftPatterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file.2022-11-077.8CVE-2022-37710
MISC
phoenix_contact -- fl_mguard_dm
 
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections.2022-11-097.5CVE-2021-34579
MISC
powercom_co_ltd -- upsmon_proUPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.2022-11-107.5CVE-2022-38122
MISC
powercom_co_ltd -- upsmon_pro
 
UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service.2022-11-109.8CVE-2022-38119
MISC
pymatgen -- pymatgenAn exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method2022-11-097.5CVE-2022-42964
MISC
python -- pythonPython 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.2022-11-077.8CVE-2022-42919
MISC
python -- pythonAn issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.2022-11-097.5CVE-2022-45061
MISC
python-poetry -- cleoAn exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method2022-11-097.5CVE-2022-42966
MISC
qemu -- qemuAn off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.2022-11-078.6CVE-2022-3872
MISC
really-simple-plugins -- complianzThe Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.2022-11-078.8CVE-2022-3494
CONFIRM
roxyfileman -- roxy_filemanRoxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)2022-11-099.8CVE-2022-40797
MISC
MISC
MISC
samsung -- billingImproper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information.2022-11-097.5CVE-2022-39890
MISC
samsung -- exynos_firmwareImproper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.2022-11-099.1CVE-2022-39881
MISC
samsung -- passImproper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.2022-11-099.8CVE-2022-39892
MISC
sanitization_management_system_project -- sanitization_management_systemA vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012.2022-11-059.8CVE-2022-3868
N/A
N/A
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.2022-11-077.2CVE-2022-43350
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote.2022-11-077.2CVE-2022-43352
MISC
sap -- 3d_visual_enterprise_viewerDue to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured.2022-11-087.8CVE-2022-41211
MISC
MISC
sap -- businessobjects_business_intelligenceIn some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system.2022-11-088.8CVE-2022-41203
MISC
MISC
schneider-electric -- ecostruxure_operator_terminal_expertA CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).2022-11-047.8CVE-2022-41669
MISC
schneider-electric -- ecostruxure_operator_terminal_expertA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).2022-11-047.8CVE-2022-41670
MISC
schneider-electric -- ecostruxure_operator_terminal_expertA CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).2022-11-047.8CVE-2022-41671
MISC
siemens -- 7kg9501-0aa01-2aa1_firmwareA vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session.2022-11-088.8CVE-2022-43398
MISC
siemens -- 7kg9501-0aa01-2aa1_firmwareA vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.2022-11-088.8CVE-2022-43439
MISC
siemens -- 7kg9501-0aa01-2aa1_firmwareA vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.2022-11-088.8CVE-2022-43545
MISC
siemens -- 7kg9501-0aa01-2aa1_firmwareA vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.2022-11-088.8CVE-2022-43546
MISC
siemens -- jt2goA vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process.2022-11-087.8CVE-2022-39136
MISC
siemens -- jt2goA vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.2022-11-087.8CVE-2022-41660
MISC
siemens -- jt2goA vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.2022-11-087.8CVE-2022-41661
MISC
siemens -- jt2goA vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.2022-11-087.8CVE-2022-41662
MISC
siemens -- jt2goA vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.2022-11-087.8CVE-2022-41663
MISC
siemens -- jt2goA vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.2022-11-087.8CVE-2022-41664
MISC
siemens -- parasolidA vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745)2022-11-087.8CVE-2022-39157
MISC
siemens -- parasolidA vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854)2022-11-087.8CVE-2022-43397
MISC
siemens -- qms_automotiveA vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users.2022-11-089.1CVE-2022-43958
MISC
simple_e-learning_system_project -- simple_e-learning_systemAn information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.2022-11-077.5CVE-2022-43319
MISC
slidervilla -- testimonial_sliderCross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.2022-11-088.8CVE-2022-44741
CONFIRM
CONFIRM
snowflake -- snowflake-connector-pythonAn exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method2022-11-097.5CVE-2022-42965
MISC
soflyy -- wp_all_importThe Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.2022-11-077.2CVE-2022-2711
CONFIRM
soflyy -- wp_all_importThe Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files2022-11-077.2CVE-2022-3418
CONFIRM
splunk -- splunkIn Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.2022-11-048.8CVE-2022-43563
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.2022-11-048.8CVE-2022-43565
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.2022-11-048.8CVE-2022-43567
MISC
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.2022-11-048CVE-2022-43566
MISC
MISC
symantec -- endpoint_detection_and_responseSymantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.2022-11-089.8CVE-2022-37015
MISC
trellix -- intrusion_prevention_system_managerXML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.2022-11-047.2CVE-2022-3340
CONFIRM
tuxera -- ntfs-3gA buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.2022-11-067.8CVE-2022-40284
MISC
MISC
varnish-software -- varnish_cache_plusAn HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.2022-11-097.5CVE-2022-45060
MISC
MISC
varnish_cache_project -- varnish_cacheAn issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.2022-11-097.5CVE-2022-45059
MISC
vmware -- workspace_one_assistVMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.2022-11-099.8CVE-2022-31685
MISC
vmware -- workspace_one_assistVMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.2022-11-099.8CVE-2022-31686
MISC
vmware -- workspace_one_assistVMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.2022-11-099.8CVE-2022-31687
MISC
vmware -- workspace_one_assistVMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.2022-11-099.8CVE-2022-31689
MISC
wago -- i/o-check_serviceIn WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.2022-11-097.5CVE-2021-34568
MISC
wago -- i/o-check_service
 
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.2022-11-099.8CVE-2021-34569
MISC
wago -- i/o-check_service
 
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.2022-11-099.1CVE-2021-34566
MISC
wago -- i/o-check_service
 
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.2022-11-098.2CVE-2021-34567
MISC
wiesemann_&_theis -- multiple_productsMultiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage2022-11-108CVE-2022-42786
MISC
windows -- advanced_local_procedure_callWindows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100.2022-11-097.8CVE-2022-41093
MISC
windows -- advanced_local_procedure_callWindows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093.2022-11-097.8CVE-2022-41100
MISC
windows -- bind_filter_driverWindows Bind Filter Driver Elevation of Privilege Vulnerability.2022-11-097CVE-2022-41114
MISC
windows -- digital_media_receiverWindows Digital Media Receiver Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41095
MISC
windows -- extensible_file_allocation_tableWindows Extensible File Allocation Table Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41050
MISC
windows -- graphics_componentWindows Graphics Component Remote Code Execution Vulnerability.2022-11-097.8CVE-2022-41052
MISC
windows -- kerberosWindows Kerberos Denial of Service Vulnerability.2022-11-097.5CVE-2022-41053
MISC
windows -- overlay_filterWindows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41102.2022-11-097.8CVE-2022-41101
MISC
windows -- overlay_filterWindows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41101.2022-11-097.8CVE-2022-41102
MISC
windows -- point-to-point_tunneling_protocol
 
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044.2022-11-098.1CVE-2022-41088
MISC
windows -- print_spoolerWindows Print Spooler Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41073
MISC
windows -- resilient_file_systemWindows Resilient File System (ReFS) Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41054
MISC
windows -- win32Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability.2022-11-097.8CVE-2022-41113
MISC
windows -- win32kWindows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109.2022-11-097.8CVE-2022-41092
MISC
windows -- win32kWindows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41092.2022-11-097.8CVE-2022-41109
MISC
wolfssl -- wolfsslIn wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)2022-11-079.1CVE-2022-42905
MISC
MISC
xfce -- xfce4-settingsIn Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.2022-11-099.8CVE-2022-45062
MISC
MISC
MISC
MISC
xwiki -- openid_connectXWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider. With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make his user automatically part of the XWikiAdminGroup. This issue has been patched, please upgrade to 1.29.1. There is no workaround, an upgrade of the authenticator is required.2022-11-047.5CVE-2022-39387
MISC
CONFIRM
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
5-anker -- 5_anker_connectAuth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.2022-11-084.8CVE-2022-30545
CONFIRM
CONFIRM
acronis -- cyber_protect_home_officeSensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.2022-11-075.5CVE-2022-44745
MISC
acronis -- cyber_protect_home_officeSensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.2022-11-075.5CVE-2022-44746
MISC
addify -- product_stock_managerThe Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options2022-11-074.3CVE-2022-3451
CONFIRM
aioseo -- all_in_one_seoServer Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.2022-11-086.5CVE-2022-42494
CONFIRM
CONFIRM
algolplus -- advanced_dynamic_pricing_for_woocommerceCross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.2022-11-094.3CVE-2022-43488
CONFIRM
CONFIRM
algolplus -- advanced_dynamic_pricing_for_woocommerceCross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.2022-11-084.3CVE-2022-43491
CONFIRM
CONFIRM
algolplus -- advanced_order_exportCross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.2022-11-086.5CVE-2022-40128
CONFIRM
CONFIRM
bluetooth -- bluetooth_core_specificationAn information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.2022-11-084.3CVE-2020-35473
MISC
MISC
canteen_management_system_project -- canteen_management_systemA cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2022-11-085.4CVE-2022-43144
MISC
MISC
MISC
cisco -- asyncosA vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.2022-11-046.5CVE-2022-20867
MISC
cisco -- asyncosA vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device.2022-11-046.5CVE-2022-20942
MISC
cisco -- broadworks_messaging_serverA vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]2022-11-046.5CVE-2022-20951
MISC
cisco -- email_security_appliance_firmwareA vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses.2022-11-045.3CVE-2022-20772
MISC
cisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device.2022-11-045.4CVE-2022-20963
MISC
cisco -- identity_services_engineA vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.2022-11-045.3CVE-2022-20937
MISC
cisco -- umbrellaA vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.2022-11-045.4CVE-2022-20969
MISC
codeandmore -- wp_page_widgetCross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.2022-11-084.3CVE-2022-32587
CONFIRM
CONFIRM
csphere -- clansphereA cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.2022-11-096.1CVE-2022-43119
MISC
diagrams -- drawioCross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.2022-11-076.1CVE-2022-3873
CONFIRM
MISC
diplib -- diplibdiplib v3.0.0 is vulnerable to Double Free.2022-11-046.5CVE-2021-39432
MISC
MISC
electronjs -- electronThe Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.2022-11-086.1CVE-2022-36077
CONFIRM
eyesofnetwork -- web_interfaceEyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php.2022-11-086.1CVE-2022-41434
MISC
eyesofnetwork -- web_interfaceEyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php.2022-11-084.8CVE-2022-41432
MISC
eyesofnetwork -- web_interfaceEyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php.2022-11-084.8CVE-2022-41433
MISC
f-secure -- safeWithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5).2022-11-076.5CVE-2022-38164
MISC
MISC
fatcatapps -- analytics_catCross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.2022-11-084.3CVE-2022-27855
CONFIRM
CONFIRM
feehi -- feehicmsFeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.2022-11-096.1CVE-2022-43320
MISC
flatcore -- flatcore-cmsA cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field.2022-11-096.1CVE-2022-43118
MISC
food_ordering_management_system_project -- food_ordering_management_systemFood Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.2022-11-074.8CVE-2022-43046
MISC
froxlor -- froxlorCode Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.2022-11-056.1CVE-2022-3869
CONFIRM
MISC
gitlab -- gitlabAn open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.2022-11-096.1CVE-2022-3280
CONFIRM
MISC
MISC
gitlab -- gitlabAn open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.2022-11-096.1CVE-2022-3486
MISC
MISC
CONFIRM
gitlab -- gitlabA cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.2022-11-095.4CVE-2022-3265
MISC
MISC
CONFIRM
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.2022-11-095.4CVE-2022-3483
MISC
MISC
CONFIRM
gitlab -- gitlabAn information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.2022-11-095.3CVE-2022-2761
MISC
MISC
CONFIRM
gitlab -- gitlabAn improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to.2022-11-105.3CVE-2022-3793
CONFIRM
MISC
gitlab -- gitlabAn uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance.2022-11-105.3CVE-2022-3818
MISC
CONFIRM
gitlab -- gitlabIncorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.2022-11-104.3CVE-2022-3413
MISC
CONFIRM
gitlab -- gitlabImproper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project.2022-11-104.3CVE-2022-3706
MISC
CONFIRM
gitlab -- gitlabAn improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.2022-11-104.3CVE-2022-3819
CONFIRM
MISC
google -- androidIn typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364.2022-11-086.8CVE-2022-32617
MISC
google -- androidIn typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454.2022-11-086.8CVE-2022-32618
MISC
google -- androidIn fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2420961642022-11-086.7CVE-2022-20454
MISC
google -- androidIn vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421.2022-11-086.7CVE-2022-21778
MISC
google -- androidIn gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704.2022-11-086.7CVE-2022-32603
MISC
google -- androidIn isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898.2022-11-086.7CVE-2022-32605
MISC
google -- androidIn aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891.2022-11-086.7CVE-2022-32607
MISC
google -- androidIn isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373.2022-11-086.7CVE-2022-32611
MISC
google -- androidIn audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571.2022-11-086.7CVE-2022-32614
MISC
google -- androidIn ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559.2022-11-086.7CVE-2022-32615
MISC
google -- androidIn isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258.2022-11-086.7CVE-2022-32616
MISC
google -- androidIn PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2336044852022-11-086.5CVE-2022-20447
MISC
google -- androidIn jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753.2022-11-086.4CVE-2022-32608
MISC
google -- androidIn vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410.2022-11-086.4CVE-2022-32609
MISC
google -- androidIn vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476.2022-11-086.4CVE-2022-32610
MISC
google -- androidIn vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.2022-11-086.4CVE-2022-32612
MISC
google -- androidIn vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.2022-11-086.4CVE-2022-32613
MISC
google -- androidIn setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2344414632022-11-085.5CVE-2022-20414
MISC
google -- androidIn multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2362632942022-11-085.5CVE-2022-20426
MISC
google -- androidIn buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2375404082022-11-085.5CVE-2022-20448
MISC
google -- androidIn update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2406851042022-11-085.5CVE-2022-20453
MISC
google -- androidIn getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2439247842022-11-085.5CVE-2022-20457
MISC
google -- androidIn keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790.2022-11-085.5CVE-2022-32602
MISC
google -- androidIn dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2185000362022-11-084.6CVE-2022-20465
MISC
google -- chromeInappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)2022-11-094.3CVE-2022-3447
MISC
MISC
grafana -- grafanaGrafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.2022-11-095.3CVE-2022-39307
CONFIRM
gvectors -- wpforo_forumCross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.2022-11-085.4CVE-2022-40632
CONFIRM
CONFIRM
gvectors -- wpforo_forumInsecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.2022-11-084.3CVE-2022-40205
CONFIRM
CONFIRM
gvectors -- wpforo_forumInsecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.2022-11-084.3CVE-2022-40206
CONFIRM
CONFIRM
hcltech -- dominoHCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.2022-11-045.5CVE-2022-38654
MISC
highlight_focus_project -- highlight_focusThe Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-11-074.8CVE-2022-3462
CONFIRM
hotelmanager_project -- hotelmanagerSaibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields.2022-11-045.4CVE-2021-39473
MISC
MISC
huawei -- harmonyosThere is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.2022-11-095.9CVE-2022-44563
MISC
MISC
huawei -- harmonyosThere is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.2022-11-094.3CVE-2022-44548
MISC
MISC
human_resource_management_system_project -- human_resource_management_systemA cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2022-11-076.1CVE-2022-43317
MISC
infotel -- taskliststasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) - Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds.2022-11-106.1CVE-2022-39398
CONFIRM
MISC
inhandnetworks -- ir302_firmwareA leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.2022-11-096.5CVE-2022-26023
MISC
CONFIRM
inhandnetworks -- ir302_firmwareA leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.2022-11-096.5CVE-2022-29481
CONFIRM
MISC
intelliants -- subrion_cmsA cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.2022-11-096.1CVE-2022-43120
MISC
intelliants -- subrion_cmsA cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.2022-11-096.1CVE-2022-43121
MISC
joomla -- joomla\!An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.2022-11-086.1CVE-2022-27914
MISC
kaden -- picoflux_air_water_meterIn the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.2022-11-096.5CVE-2021-34577
MISC
lenovo -- elan_miniport_touchpad_driverELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.2022-11-074.7CVE-2021-42205
MISC
mcafee -- data_exchange_layerPrivilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.2022-11-075.5CVE-2022-2188
MISC
microsoft -- .net_framework.NET Framework Information Disclosure Vulnerability.2022-11-095.8CVE-2022-41064
MISC
microsoft -- bitlockerBitLocker Security Feature Bypass Vulnerability.2022-11-094.6CVE-2022-41099
MISC
microsoft -- dynamics_365_business_centralMicrosoft Business Central Information Disclosure Vulnerability.2022-11-094.4CVE-2022-41066
MISC
microsoft -- microsoft_wordMicrosoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103.2022-11-095.5CVE-2022-41060
MISC
microsoft -- microsoft_wordMicrosoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060.2022-11-095.5CVE-2022-41103
MISC
microsoft -- network_policy_server_radiusNetwork Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability.2022-11-096.5CVE-2022-41097
MISC
microsoft -- officeMicrosoft Excel Information Disclosure Vulnerability.2022-11-095.5CVE-2022-41105
MISC
microsoft -- sharepoint_foundationMicrosoft SharePoint Server Spoofing Vulnerability.2022-11-096.5CVE-2022-41122
MISC
microsoft -- windows_10Windows Hyper-V Denial of Service Vulnerability.2022-11-096.5CVE-2022-38015
MISC
microsoft -- windows_server_2008Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992.2022-11-096.4CVE-2022-41086
MISC
microsoft -- windows_server_2019Windows Human Interface Device Information Disclosure Vulnerability.2022-11-095.5CVE-2022-41055
MISC
net-snmp -- net-snmphandle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.2022-11-076.5CVE-2022-44792
MISC
MISC
net-snmp -- net-snmphandle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.2022-11-076.5CVE-2022-44793
MISC
MISC
objectfirst -- object_firstAn issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.2022-11-076.5CVE-2022-44795
MISC
openzeppelin -- contractsOpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.2022-11-045.6CVE-2022-39384
MISC
CONFIRM
paloaltonetworks -- cortex_xsoarA local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.2022-11-096.7CVE-2022-0031
MISC
perfexcrm -- perfex_crmperfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.2022-11-085.4CVE-2021-40303
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.2022-11-085.5CVE-2022-44312
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall.2022-11-085.5CVE-2022-44313
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.2022-11-085.5CVE-2022-44314
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall.2022-11-085.5CVE-2022-44315
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken.2022-11-085.5CVE-2022-44316
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.2022-11-085.5CVE-2022-44317
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.2022-11-085.5CVE-2022-44318
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall.2022-11-085.5CVE-2022-44319
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall.2022-11-085.5CVE-2022-44320
MISC
MISC
picoc_project -- picocPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken.2022-11-085.5CVE-2022-44321
MISC
MISC
powercom_co_ltd -- upsmon_proUPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.2022-11-106.5CVE-2022-38120
MISC
powercom_co_ltd -- upsmon_proUPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.2022-11-106.5CVE-2022-38121
MISC
rymera -- advanced_couponsCross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.2022-11-084.3CVE-2022-43481
CONFIRM
CONFIRM
samsung -- editor_liteHeap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information.2022-11-095.5CVE-2022-39891
MISC
sandhillsdev -- easy_digital_downloadsThe Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack2022-11-074.3CVE-2022-2387
CONFIRM
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.2022-11-076.5CVE-2022-43351
MISC
sap -- biller_directSAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information.2022-11-086.1CVE-2022-41207
MISC
MISC
sap -- financial_consolidationDue to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application.2022-11-086.5CVE-2022-41258
MISC
MISC
sap -- financial_consolidationSAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.2022-11-086.1CVE-2022-41260
MISC
MISC
sap -- financial_consolidationDue to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.2022-11-085.4CVE-2022-41208
MISC
MISC
sap -- guiSAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application.2022-11-086.1CVE-2022-41205
MISC
MISC
sap -- netweaver_application_server_abapDue to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.2022-11-086.5CVE-2022-41214
MISC
MISC
sap -- netweaver_application_server_abapDue to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application.2022-11-084.9CVE-2022-41212
MISC
MISC
sap -- netweaver_application_server_abapSAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.2022-11-084.7CVE-2022-41215
MISC
MISC
sap -- sql_anywhereSAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.2022-11-086.5CVE-2022-41259
MISC
MISC
searchwp -- searchwpNonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.2022-11-084.3CVE-2022-40223
CONFIRM
CONFIRM
shopwind -- shopwindShopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.2022-11-096.1CVE-2022-43321
MISC
MISC
simple_video_embedder_project -- simple_video_embedderAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress.2022-11-095.4CVE-2022-44590
CONFIRM
CONFIRM
splunk -- splunkIn Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.2022-11-046.5CVE-2022-43564
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.2022-11-046.5CVE-2022-43570
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.2022-11-046.5CVE-2022-43572
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.2022-11-046.1CVE-2022-43568
MISC
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.2022-11-045.4CVE-2022-43562
MISC
splunk -- splunkIn Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.2022-11-045.4CVE-2022-43569
MISC
MISC
stiltsoft -- handy_macros_for_confluenceThe Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.2022-11-045.4CVE-2022-44724
MISC
systemd_project -- systemdAn off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.2022-11-085.5CVE-2022-3821
MISC
MISC
MISC
MISC
vmware -- workspace_one_assistVMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.2022-11-096.1CVE-2022-31688
MISC
watchdog -- anti-virusIncorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files.2022-11-046.5CVE-2022-38582
MISC
webartesanal -- mantenimiento_webAuth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.2022-11-084.8CVE-2022-41980
CONFIRM
CONFIRM
weberge -- wp_hideThe WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request2022-11-075.3CVE-2022-3489
CONFIRM
windows -- gdi+Windows GDI+ Information Disclosure Vulnerability.2022-11-095.5CVE-2022-41098
MISC
windows -- mark_of_the_web_security_featureWindows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091.2022-11-095.4CVE-2022-41049
MISC
windows -- mark_of_the_web_security_featureWindows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.2022-11-095.4CVE-2022-41091
MISC
windows -- point-to-point_tunneling_protocolWindows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116.2022-11-095.9CVE-2022-41090
MISC
windows -- point-to-point_tunneling_protocolWindows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090.2022-11-095.9CVE-2022-41116
MISC
windows_and_linux -- nvidia_gpu_display_driverNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.2022-11-106.5CVE-2022-34666
MISC
wpadvancedads -- advanced_ads_-_ad_manager_\&_adsenseAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.2022-11-084.8CVE-2022-32776
CONFIRM
CONFIRM
zkteco -- biotimeZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.2022-11-085.3CVE-2022-30515
MISC
MISC
zohocorp -- zoho_crm_lead_magnetAuth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.2022-11-096.5CVE-2022-41978
CONFIRM
CONFIRM
zte -- zaip-aieThere is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.2022-11-085.3CVE-2022-39069
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
f-secure -- safeWithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 2 of 5).2022-11-073.5CVE-2022-38163
MISC
MISC
google -- androidIn AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-2297939432022-11-083.3CVE-2022-20446
MISC
google -- androidIn factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2319852272022-11-083.3CVE-2022-20463
MISC
google -- androidImproper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.2022-11-093.3CVE-2022-39879
MISC
google -- androidImproper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.2022-11-093.3CVE-2022-39884
MISC
google -- androidImproper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.2022-11-093.3CVE-2022-39885
MISC
google -- androidImproper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.2022-11-093.3CVE-2022-39886
MISC
google -- androidImproper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.2022-11-093.3CVE-2022-39887
MISC
samsung -- galaxy_buds_pro_manageSensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.2022-11-093.3CVE-2022-39893
MISC
samsung -- galaxywatch4pluginImproper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.2022-11-093.3CVE-2022-39889
MISC
siemens -- simatic_wincc_runtimeA vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.2022-11-083.5CVE-2022-30694
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
agentflow --bpm_enterprise_management_systemAgentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.2022-11-10not yet calculatedCVE-2022-39038
MISC
MISC
amd -- link_androidInsufficient access controls in the AMD Link Android app may potentially result in information disclosure.2022-11-09not yet calculatedCVE-2022-27673
MISC
amd -- multiple_productsImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.2022-11-09not yet calculatedCVE-2020-12930
MISC
amd -- multiple_productsImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.2022-11-09not yet calculatedCVE-2020-12931
MISC
amd -- multiple_productsAn attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.2022-11-09not yet calculatedCVE-2021-26360
MISC
amd -- multiple_productsInsufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.2022-11-09not yet calculatedCVE-2021-26391
MISC
amd -- multiple_productsInsufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.2022-11-09not yet calculatedCVE-2021-26392
MISC
amd -- multiple_productsInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.2022-11-09not yet calculatedCVE-2021-26393
MISC
amd -- processorsIBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.2022-11-09not yet calculatedCVE-2022-23824
MISC
MLIST
amd -- μProfInsufficient validation of the IOCTL input buffer in AMD ?Prof may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.2022-11-09not yet calculatedCVE-2022-23831
MISC
amd -- μProfInsufficient validation in the IOCTL input/output buffer in AMD ?Prof may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.2022-11-09not yet calculatedCVE-2022-27674
MISC

arches -- arches

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.2022-11-11not yet calculatedCVE-2022-41892
CONFIRM
ayacms -- ayacmsAyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-11-10not yet calculatedCVE-2022-43074
MISC
bmc_remedy -- bmc_remedyAn issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field. NOTE: the vendor's position is that "no real impact is demonstrated."2022-11-10not yet calculatedCVE-2022-26088
MISC
btcd -- btcdbtcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.2022-11-07not yet calculatedCVE-2022-44797
MISC
MISC
MISC
MISC
cbrn-analysis -- cbrn-analysisCBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation.2022-11-12not yet calculatedCVE-2022-45193
MISC
cbrn-analysis -- cbrn-analysisCBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure.2022-11-12not yet calculatedCVE-2022-45194
MISC

contiki-ng -- contiki-ng

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub.2022-11-11not yet calculatedCVE-2022-41873
CONFIRM
MISC
deeplearning4j -- deeplearning4jDeeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.2022-11-10not yet calculatedCVE-2022-36022
CONFIRM
MISC
dotcms -- dotcmsdotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS's path-based XSS prevention (such as "require login" filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS.2022-11-10not yet calculatedCVE-2022-35740
MISC
MISC

drogon -- drogon

A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464.2022-11-11not yet calculatedCVE-2022-3959
N/A
N/A
N/A
N/A
eclipse -- californiumEclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f2022-11-10not yet calculatedCVE-2022-39368
CONFIRM
MISC
MISC

element_ios -- element_ios

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.2022-11-11not yet calculatedCVE-2022-41904
MISC
CONFIRM
eolinker -- goku_liteA vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3947
N/A
N/A
N/A
eolinker -- goku_liteA vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3948
N/A
N/A
N/A

espcms -- espcms 

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.2022-11-10not yet calculatedCVE-2022-44087
MISC
MISC

espcms -- espcms 

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.2022-11-10not yet calculatedCVE-2022-44088
MISC
MISC

espcms -- espcms 

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.2022-11-10not yet calculatedCVE-2022-44089
MISC
MISC
etic_telecom -- remote_access_serverAll versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.2022-11-10not yet calculatedCVE-2022-3703
MISC
etic_telecom -- remote_access_serverAll versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.2022-11-10not yet calculatedCVE-2022-40981
MISC
etic_telecom -- remote_access_serverAll versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.2022-11-10not yet calculatedCVE-2022-41607
MISC
exiv2 -- exiv2A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459.2022-11-11not yet calculatedCVE-2022-3953
N/A
N/A
N/A
fortbridge -- plesk_obsidianPlesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers.2022-11-10not yet calculatedCVE-2022-45130
MISC
foru -- cmsA vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3943
N/A
N/A

foxit -- foxit_reader

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.2022-11-09not yet calculatedCVE-2022-43310
MISC
MISC
MISC

gnuboard5 -- gnuboard5

A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540.2022-11-12not yet calculatedCVE-2022-3963
N/A
N/A
go -- velaVela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker's `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed.2022-11-10not yet calculatedCVE-2022-39395
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
gpac -- gpacA vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.2022-11-11not yet calculatedCVE-2022-3957
N/A
N/A
grafana -- grafanaGrafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.2022-11-09not yet calculatedCVE-2022-39306
CONFIRM
graphql -- graphqlezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer.2022-11-10not yet calculatedCVE-2022-41876
CONFIRM

hashicorp -- nomad_enterprise

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.2022-11-10not yet calculatedCVE-2022-3866
MISC

hashicorp -- nomad_enterprise

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.2022-11-10not yet calculatedCVE-2022-3867
MISC
huawei -- harmonyosThe iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.2022-11-09not yet calculatedCVE-2022-44551
MISC
MISC
huawei -- harmonyosThe lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.2022-11-09not yet calculatedCVE-2022-44552
MISC
MISC
huawei -- harmonyosThe HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.2022-11-09not yet calculatedCVE-2022-44553
MISC
MISC
huawei -- harmonyosThe power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.2022-11-09not yet calculatedCVE-2022-44554
MISC
MISC
huawei -- harmonyosThe DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.2022-11-09not yet calculatedCVE-2022-44555
MISC
MISC
huawei -- harmonyosThe SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.2022-11-09not yet calculatedCVE-2022-44557
MISC
MISC
huawei -- harmonyosThe AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.2022-11-09not yet calculatedCVE-2022-44558
MISC
MISC
huawei -- harmonyosThe AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.2022-11-09not yet calculatedCVE-2022-44559
MISC
MISC
huawei -- harmonyosThe launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.2022-11-09not yet calculatedCVE-2022-44560
MISC
MISC
huawei -- harmonyosThe preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.2022-11-09not yet calculatedCVE-2022-44561
MISC
MISC

hyperledger -- hyperledger_fabric

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.2022-11-12not yet calculatedCVE-2022-45196
MISC
MISC
ibm -- cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663.2022-11-11not yet calculatedCVE-2022-36776
MISC
MISC
ibm -- cloud_pak_for_securityIBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.2022-11-11not yet calculatedCVE-2022-38387
MISC
MISC
ibm -- multiple_productsIBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.2022-11-11not yet calculatedCVE-2022-31772
MISC
MISC
ibm -- powervm_hypervisorAfter performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.2022-11-11not yet calculatedCVE-2022-34331
MISC
MISC
ibm -- websphere_application_serverIBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.2022-11-11not yet calculatedCVE-2022-40750
MISC
MISC
inhand_networks-- inrouter302The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.2022-11-09not yet calculatedCVE-2022-25932
MISC
CONFIRM
intel -- advanced_link_analyzer_proUncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-27638
MISC
intel -- amtImproper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2021-33159
MISC
intel -- amtImproper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.2022-11-11not yet calculatedCVE-2022-26845
MISC
intel -- amtNull pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access.2022-11-11not yet calculatedCVE-2022-27497
MISC

intel -- amt

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.2022-11-11not yet calculatedCVE-2022-29893
MISC

intel -- dcm

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.2022-11-11not yet calculatedCVE-2022-33942
MISC
intel -- distribution_of_openvino_toolkitImproper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access.2022-11-11not yet calculatedCVE-2021-26251
MISC
intel -- emaCross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-30297
MISC

intel -- glorp

Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-30548
MISC
intel -- hyperscan_libraryImproper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access.2022-11-11not yet calculatedCVE-2022-29486
MISC
intel -- multiple_productsImproper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-21794
MISC
intel -- multiple_productsImproper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-26024
MISC
intel -- multiple_productsImproper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-26124
MISC
intel -- multiple_productsInsufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.2022-11-11not yet calculatedCVE-2022-26341
MISC

intel -- multiple_products

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-33176
MISC
intel -- multiple_productsImproper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-34152
MISC
intel -- multiple_productsInsecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.2022-11-11not yet calculatedCVE-2022-36349
MISC

intel -- multiple_products

Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-36370
MISC
intel -- multiple_productsImproper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-36789
MISC

intel -- multiple_products

Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-37334
MISC

intel -- nuc

Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-35276
MISC

intel -- nuc_11_compute_elements

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-38099
MISC

intel -- nuc_kit_wireless_adapter

Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-36377
MISC
intel -- nuc_kit_wireless_adapterUncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-36380
MISC
intel -- nuc_kit_wireless_adapterUnquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-36384
MISC
intel -- nuc_kit_wireless_adapterPath traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-36400
MISC
intel -- nuc_kitsImproper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-37345
MISC

intel -- nuc_m15_laptop_kits

Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-32569
MISC
intel -- nucsImproper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2021-33164
MISC
intel -- presentmonUncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-26086
MISC
intel -- processorsTime-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-21198
MISC
intel -- processorsImproper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-26006
MISC
intel -- proset/wireless_wifiOut-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2022-11-11not yet calculatedCVE-2022-28667
MISC
intel -- quartus_prime_proXML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.2022-11-11not yet calculatedCVE-2022-27233
MISC
intel -- quartus_prime_standardUncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-27187
MISC
intel -- sdp_toolImproper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access.2022-11-11not yet calculatedCVE-2022-26508
MISC
intel -- server_board_m10jnp_familyImproper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access.2022-11-10not yet calculatedCVE-2021-0185
MISC
intel -- server_board_m50cyp_familyUncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.2022-11-11not yet calculatedCVE-2022-25917
MISC

intel -- server_systems

Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-30542
MISC
intel -- sgx_sdkPremature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.2022-11-11not yet calculatedCVE-2022-27499
MISC
intel -- spsImproper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access.2022-11-11not yet calculatedCVE-2022-29466
MISC

intel -- sps_chipsets

Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.2022-11-11not yet calculatedCVE-2022-29515
MISC
intel -- support_android_applicationUncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access.2022-11-11not yet calculatedCVE-2022-30691
MISC

intel -- support_android_application

Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access.2022-11-11not yet calculatedCVE-2022-36367
MISC
intel -- system_studioUncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2021-33064
MISC
intel -- vtune_profilerUncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-26028
MISC
intel -- wapiImproper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access.2022-11-11not yet calculatedCVE-2022-33973
MISC
intel -- xmm_7560_modemImproper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.2022-11-11not yet calculatedCVE-2022-26045
MISC
intel -- xmm_7560_modemImproper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-26079
MISC
intel -- xmm_7560_modemImproper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-26367
MISC
intel -- xmm_7560_modemOut-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.2022-11-11not yet calculatedCVE-2022-26369
MISC
intel -- xmm_7560_modemOut-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.2022-11-11not yet calculatedCVE-2022-26513
MISC
intel -- xmm_7560_modemIncomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.2022-11-11not yet calculatedCVE-2022-27639
MISC
intel -- xmm_7560_modemImproper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.2022-11-11not yet calculatedCVE-2022-27874
MISC
intel -- xmm_7560_modemImproper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.2022-11-11not yet calculatedCVE-2022-28126
MISC
intel -- xmm_7560_modemImproper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.2022-11-11not yet calculatedCVE-2022-28611
MISC
intel -- multiple_products
 
Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.2022-11-11not yet calculatedCVE-2022-26047
MISC

istio -- istio

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds.2022-11-10not yet calculatedCVE-2022-39388
CONFIRM
MISC
MISC
MISC

jerryhanjj -- erp

A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.2022-11-11not yet calculatedCVE-2022-3944
N/A
N/A

kareadita -- kavita

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.2022-11-11not yet calculatedCVE-2022-3945
CONFIRM
MISC

lanyulei -- ferry

A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3939
N/A

lanyulei -- ferry

A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447.2022-11-11not yet calculatedCVE-2022-3940
N/A

lin-cms -- lin-cms 

An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.2022-11-09not yet calculatedCVE-2022-44244
MISC
MISC
manageengine -- mobile_device_manager_plusIn Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation.2022-11-12not yet calculatedCVE-2022-41339
MISC
manageengine -- multiple_productsZoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.2022-11-12not yet calculatedCVE-2022-43671
MISC
manageengine -- multiple_productsZoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.2022-11-12not yet calculatedCVE-2022-43672
MISC

manageengine -- servicedesk_plus_msp

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.2022-11-12not yet calculatedCVE-2022-40773
MISC
MISC

mitsubishi_electric -- multiple_products

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.2022-11-08not yet calculatedCVE-2022-33321
MISC
MISC

mitsubishi_electric -- multiple_products

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.2022-11-08not yet calculatedCVE-2022-33322
MISC
MISC
mm-wki -- mm-wkimm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS).2022-11-10not yet calculatedCVE-2021-40289
MISC
netatalk -- netatalkNetatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).2022-11-12not yet calculatedCVE-2022-45188
MISC
MISC
MISC
MISC

nextcloud -- desktop_client

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. "vbs", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused.2022-11-11not yet calculatedCVE-2022-41882
MISC
CONFIRM
MISC
MISC
novell_products -- multiple_productsA Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.2022-11-10not yet calculatedCVE-2022-43753
CONFIRM
novell_products -- multiple_productsAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.2022-11-10not yet calculatedCVE-2022-43754
CONFIRM

opensearch -- opensearch_notifications

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.2022-11-11not yet calculatedCVE-2022-41906
MISC
CONFIRM
MISC
owncloud -- serverThe Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.2022-11-10not yet calculatedCVE-2022-43679
MISC
parse_server -- parse_serverParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature.2022-11-10not yet calculatedCVE-2022-41878
CONFIRM
parse_server -- parse_serverParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds.2022-11-10not yet calculatedCVE-2022-41879
CONFIRM
payara -- payaraPayara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.2022-11-10not yet calculatedCVE-2022-45129
MISC
MISC
MISC
MISC
MISC
pi-star -- pi-star_dv_dashPi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.2022-11-11not yet calculatedCVE-2022-45182
MISC
MISC
MISC
MISC
MISC

portofino -- manydesigns

A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3952
N/A
N/A
N/A
N/A
prestashop -- eu_cookie_law_gdpr_moduleThe EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ).2022-11-10not yet calculatedCVE-2022-44727
MISC
MISC
MISC
redex -- redexDexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.2022-11-11not yet calculatedCVE-2022-36938
MISC

sandisk -- multiple_products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.2022-11-09not yet calculatedCVE-2022-29836
MISC

sanluan -- publiccms

A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456.2022-11-11not yet calculatedCVE-2022-3950
N/A
N/A
simplex -- simplexmqSimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol.2022-11-12not yet calculatedCVE-2022-45195
MISC
MISC
MISC
MISC
snakeyaml -- snakeyamlThose using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.2022-11-11not yet calculatedCVE-2022-41854
CONFIRM

sourcecodester -- sanitization_management_system

A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3942
N/A
sourcecodester -- simple_cashiering_systemA vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455.2022-11-11not yet calculatedCVE-2022-3949
N/A
suse -- multiple_productsAn Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.2022-11-10not yet calculatedCVE-2022-31255
CONFIRM

sysstat -- sa_common.c

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.2022-11-08not yet calculatedCVE-2022-39377
CONFIRM

tauri -- tauri

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json.2022-11-10not yet calculatedCVE-2022-41874
CONFIRM

tholum -- crm42

A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3955
N/A
N/A
tsruban -- hhimsA vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability.2022-11-11not yet calculatedCVE-2022-3956
N/A
N/A
unmarshal -- unmarshalUnmarshal can panic on some inputs, possibly allowing for denial of service attacks.2022-11-10not yet calculatedCVE-2022-41719
MISC
MISC
MISC
wasmtime -- webassemblyWasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime's default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator's configuration would not create an appropriate virtual memory mapping for this meaning out of bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. This bug is not applicable with the default settings of the `wasmtime` crate. This bug can only be triggered by setting `InstanceLimits::memory_pages` to zero. This is expected to be a very rare configuration since this means that wasm modules cannot allocate any pages of linear memory. All wasm modules produced by all current toolchains are highly likely to use linear memory, so it's expected to be unlikely that this configuration is set to zero by any production embedding of Wasmtime. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by increasing the `memory_pages` allotment when configuring the pooling allocator to a value greater than zero. If an embedding wishes to still prevent memory from actually being used then the `Store::limiter` method can be used to dynamically disallow growth of memory beyond 0 bytes large. Note that the default `memory_pages` value is greater than zero.2022-11-10not yet calculatedCVE-2022-39392
CONFIRM
MISC
wasmtime -- webassemblyWasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`.2022-11-10not yet calculatedCVE-2022-39393
MISC
CONFIRM
wasmtime -- webassemblyWasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.2022-11-10not yet calculatedCVE-2022-39394
CONFIRM
MISC
wiesemann_&_theis -- comserverMultiple W&T products of the Comserver Series use a small number space for allocating sessions ids. An unathenticated remote attacker can brute force the session id and gets access to an account on the the device.2022-11-10not yet calculatedCVE-2022-42787
MISC
wordpress -- wordpressA vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448.2022-11-11not yet calculatedCVE-2022-3941
N/A
N/A
N/A
wordpress -- wordpressBroken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress.2022-11-10not yet calculatedCVE-2022-42460
CONFIRM
CONFIRM

wsgidav -- wsgidav

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.2022-11-11not yet calculatedCVE-2022-41905
MISC
CONFIRM
xpdfreader -- xpdfreaderxpdfreader 4.03 is vulnerable to Buffer Overflow.2022-11-10not yet calculatedCVE-2021-40226
MISC
xterm -- xtermxterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.2022-11-10not yet calculatedCVE-2022-45063
MISC
MISC
MISC
MLIST
MLIST

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.