Vulnerability Summary for the Week of September 26, 2022

Released
Oct 07, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- macos | This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox. | 2022-09-23 | 10 | CVE-2022-32845 (MISC, MISC, MISC) |
| ruby-lang -- ruby | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" allocation is made based on the tags array length. A specially constructed object passed as an element of the tags array can increase this array's size after the mentioned allocation and cause a heap overflow. | 2022-09-29 | 9.8 | CVE-2016-2338 (MLIST, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | 2022-09-29 | 9.8 | CVE-2020-15331 (MISC, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | 2022-09-29 | 9.8 | CVE-2020-15332 (MISC, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | 2022-09-29 | 9.8 | CVE-2020-15347 (MISC, MISC) |
| bigbluebutton -- bigbluebutton | BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | 2022-09-29 | 9.8 | CVE-2020-27602 (MISC, MISC) |
| bigprof -- online_invoicing_system | BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading to an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | 2022-09-29 | 9.8 | CVE-2020-35674 (MISC) |
| wayland -- wayland | An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. | 2022-09-23 | 9.8 | CVE-2021-3782 (MISC) |
| resumes_management_and_job_application_website_application_project -- resumes_management_and_job_application_website_application | SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | 2022-09-27 | 9.8 | CVE-2021-41433 (MISC, MISC) |
| metersphere -- metersphere | An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands. | 2022-09-29 | 9.8 | CVE-2021-45790 (MISC) |
| grandstream -- gds3710_firmware | An attacker with knowledge of the user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack, since it doesn't check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead an attacker to execute a shell with full access. | 2022-09-23 | 9.8 | CVE-2022-2025 (CONFIRM) |
| grandstream -- gds3710_firmware | In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default. | 2022-09-23 | 9.8 | CVE-2022-2070 (CONFIRM) |
| joblib_project -- joblib | The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement. | 2022-09-26 | 9.8 | CVE-2022-21797 (CONFIRM, CONFIRM, CONFIRM, CONFIRM) |
| gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. | 2022-09-28 | 9.8 | CVE-2022-22522 (CONFIRM) |
| gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API. | 2022-09-28 | 9.8 | CVE-2022-22526 (CONFIRM) |
| nepxion -- discovery | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method evaluates expressions with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at the time of publication. There are no known workarounds. | 2022-09-24 | 9.8 | CVE-2022-23463 (MISC) |
| apache -- pinot | In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 | 2022-09-23 | 9.8 | CVE-2022-26112 (CONFIRM) |
| hp -- m2u86a_firmware | Certain HP Print Products are potentially vulnerable to Remote Code Execution. | 2022-09-26 | 9.8 | CVE-2022-28721 (MISC) |
| gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands. | 2022-09-28 | 9.8 | CVE-2022-28811 (CONFIRM) |
| gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device. | 2022-09-28 | 9.8 | CVE-2022-28812 (CONFIRM) |
| gavazziautomation -- cpy_car_park_server | Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. | 2022-09-28 | 9.8 | CVE-2022-28814 (CONFIRM) |
| uclibc -- uclibc | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability. | 2022-09-29 | 9.8 | CVE-2022-29503 (MISC) |
| mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. | 2022-09-23 | 9.8 | CVE-2022-2970 (MISC) |
| mz-automation -- libiec61850 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. | 2022-09-23 | 9.8 | CVE-2022-2972 (MISC) |
| online_market_place_site_project -- online_market_place_site | Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. | 2022-09-26 | 9.8 | CVE-2022-30004 (MISC, MISC) |
| sophos -- firewall | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 2022-09-23 | 9.8 | CVE-2022-3236 (CONFIRM) |
| ikus-soft -- rdiffweb | Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. | 2022-09-23 | 9.8 | CVE-2022-3269 (CONFIRM, MISC) |
| food_ordering_management_system_project -- food_ordering_management_system | A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583. | 2022-09-28 | 9.8 | CVE-2022-3332 (MISC, MISC) |
| redis -- redis | Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. | 2022-09-23 | 9.8 | CVE-2022-35951 (CONFIRM, FEDORA, GENTOO) |
| scala-lang -- scala | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. | 2022-09-23 | 9.8 | CVE-2022-36944 (MISC, MISC) |
| ec-cube -- product_image_bulk_upload | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system. | 2022-09-27 | 9.8 | CVE-2022-37346 (MISC, MISC) |
| rockwellautomation -- thinmanager | Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. | 2022-09-23 | 9.8 | CVE-2022-38742 (MISC) |
| lcnet -- smart_evision | Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | 2022-09-28 | 9.8 | CVE-2022-39033 (MISC) |
| nuprocess_project -- nuprocess | NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. Version 2.0.5 contains a patch. As a workaround, users of the library can sanitize command strings to remove NUL characters prior to passing them to NuProcess for execution. | 2022-09-26 | 9.8 | CVE-2022-39243 (MISC, CONFIRM, MISC) |
| zfile -- zfile | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | 2022-09-26 | 9.8 | CVE-2022-40050 (MISC) |
| tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | 2022-09-23 | 9.8 | CVE-2022-40100 (MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. | 2022-09-23 | 9.8 | CVE-2022-40113 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. | 2022-09-23 | 9.8 | CVE-2022-40114 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. | 2022-09-23 | 9.8 | CVE-2022-40115 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. | 2022-09-23 | 9.8 | CVE-2022-40116 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. | 2022-09-23 | 9.8 | CVE-2022-40117 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. | 2022-09-23 | 9.8 | CVE-2022-40118 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. | 2022-09-23 | 9.8 | CVE-2022-40119 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. | 2022-09-23 | 9.8 | CVE-2022-40120 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. | 2022-09-23 | 9.8 | CVE-2022-40121 (MISC, MISC) |
| online_banking_system_project -- online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. | 2022-09-23 | 9.8 | CVE-2022-40122 (MISC, MISC) |
| totolink -- a860r_firmware | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | 2022-09-29 | 9.8 | CVE-2022-40475 (MISC) |
| wedding_planner_project -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. | 2022-09-26 | 9.8 | CVE-2022-40483 (MISC) |
| wedding_planner_project -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. | 2022-09-26 | 9.8 | CVE-2022-40484 (MISC) |
| wedding_planner_project -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. | 2022-09-26 | 9.8 | CVE-2022-40485 (MISC) |
| tacitine -- en6200-prime_quad-35_firmware | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device. | 2022-09-23 | 9.8 | CVE-2022-40628 (MISC, MISC) |
| tacitine -- en6200-prime_quad-35_firmware | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform session fixation on the targeted device. | 2022-09-23 | 9.8 | CVE-2022-40630 (MISC, MISC) |
| tenda -- ac18_firmware | Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set. | 2022-09-23 | 9.8 | CVE-2022-40854 (MISC) |
| tenda -- w20e_firmware | Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | 2022-09-23 | 9.8 | CVE-2022-40855 (MISC) |
| tenda -- w20e_firmware | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/. | 2022-09-23 | 9.8 | CVE-2022-40866 (MISC) |
| tenda -- w20e_firmware | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/. | 2022-09-23 | 9.8 | CVE-2022-40867 (MISC) |
| tenda -- w20e_firmware | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/. | 2022-09-23 | 9.8 | CVE-2022-40868 (MISC) |
| exam_reviewer_management_system_project -- exam_reviewer_management_system | Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | 2022-09-27 | 9.8 | CVE-2022-40877 (MISC) |
| xuxueli -- xxl-job | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | 2022-09-28 | 9.8 | CVE-2022-40929 (MISC) |
| tenda -- tx3_firmware | Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. | 2022-09-28 | 9.8 | CVE-2022-40942 (MISC) |
| zimbra -- collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio. | 2022-09-26 | 9.8 | CVE-2022-41352 (MISC, MISC, MISC) |
| eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | 2022-09-27 | 9.8 | CVE-2022-41570 (MISC) |
| eyesofnetwork -- eyesofnetwork | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | 2022-09-27 | 9.8 | CVE-2022-41571 (MISC) |
| amazon -- amazon_web_services_redshift_java_database_connectivity_driver | In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. | 2022-09-29 | 9.8 | CVE-2022-41828 (MISC) |
| google -- chrome | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2022-09-26 | 9.6 | CVE-2022-3075 (MISC, MISC, GENTOO, FEDORA) |
| labstack -- echo | Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | 2022-09-28 | 9.6 | CVE-2022-40083 (MISC) |
| gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services. | 2022-09-28 | 9.4 | CVE-2022-22524 (CONFIRM) |
| zte -- zxa10_b76hv3_firmware | There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of the system. | 2022-09-23 | 9.1 | CVE-2022-23144 (MISC) |
| b2evolution -- b2evolution | An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well. | 2022-09-28 | 9.1 | CVE-2022-30935 (MISC, MISC, MISC) |
| apple -- macos | This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | 2022-09-23 | 9.1 | CVE-2022-32847 (MISC, MISC, MISC, MISC, MISC, MISC) |
| linuxfoundation -- besu | Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than the transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution. | 2022-09-24 | 9.1 | CVE-2022-36025 (CONFIRM) |
| python-jwt_project -- python-jwt | python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds. | 2022-09-23 | 9.1 | CVE-2022-39227 (MISC, CONFIRM, MISC) |
| bigprof -- online_invoicing_system | BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application. | 2022-09-29 | 8.8 | CVE-2020-35675 (MISC, MISC) |
| dplugins -- scripts_organizer | The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file. | 2022-09-26 | 8.8 | CVE-2021-24890 (MISC, CONFIRM) |
| bookingultrapro -- booking_ultra_pro_appointments_booking_calendar | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 2022-09-30 | 8.8 | CVE-2021-36854 (CONFIRM, CONFIRM) |
| metersphere -- metersphere | Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | 2022-09-29 | 8.8 | CVE-2021-45788 (MISC) |
| apple -- tvos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution. | 2022-09-23 | 8.8 | CVE-2022-22610 (MISC, MISC, MISC, MISC, MISC) |
| apple -- iphone_os | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22624 (MISC, MISC, MISC, MISC) |
| apple -- tvos | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22628 (MISC, MISC, MISC, MISC, MISC) |
| apple -- macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-09-23 | 8.8 | CVE-2022-22629 (MISC, MISC, MISC, MISC, MISC, MISC) |
| apple -- tvos | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. | 2022-09-23 | 8.8 | CVE-2022-22637 (MISC, MISC, MISC, MISC, MISC) |
| apple -- iphone_os | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. | 2022-09-23 | 8.8 | CVE-2022-26700 (MISC, MISC, MISC, MISC, MISC) |
| google -- chrome | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2852 (MISC, MISC, FEDORA) |
| google -- chrome | Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2853 (MISC, MISC, FEDORA) |
| google -- chrome | Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2854 (MISC, MISC, FEDORA) |
| google -- chrome | Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2855 (MISC, MISC, FEDORA) |
| google -- chrome | Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2857 (MISC, MISC, FEDORA) |
| google -- chrome | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | 2022-09-26 | 8.8 | CVE-2022-2858 (MISC, MISC, FEDORA) |
| google -- chrome | Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. | 2022-09-26 | 8.8 | CVE-2022-2859 (MISC, MISC, FEDORA) |
| google -- chrome | Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-2998 (MISC, MISC) |
| google -- chrome | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3038 (MISC, MISC, GENTOO, FEDORA, MISC) |
| google -- chrome | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3039 (MISC, MISC, GENTOO, FEDORA) |
| google -- chrome | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3040 (MISC, MISC, GENTOO, FEDORA) |
| google -- chrome | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3041 (MISC, MISC, GENTOO, FEDORA) |
| google -- chrome | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3042 (MISC, MISC, GENTOO, FEDORA) |
| google -- chrome | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3043 (MISC, MISC, GENTOO, FEDORA) |
| google -- chrome | Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3045 (MISC, MISC, GENTOO, FEDORA) |
| google -- chrome | Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3046 (MISC, MISC, GENTOO, FEDORA) |
| google -- chrome | Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 8.8 | CVE-2022-3049 (MISC, MISC, GENTOO, FEDORA) |
google -- chromeHeap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.2022-09-268.8CVE-2022-3050

MISC

MISC

GENTOO

FEDORA
google -- chromeHeap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.2022-09-268.8CVE-2022-3051

MISC

MISC

GENTOO

FEDORA
google -- chromeHeap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.2022-09-268.8CVE-2022-3052

MISC

MISC

GENTOO

FEDORA
google -- chromeUse after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.2022-09-268.8CVE-2022-3055

MISC

MISC

GENTOO

FEDORA
google -- chromeUse after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.2022-09-268.8CVE-2022-3058

MISC

MISC

GENTOO

FEDORA
google -- chromeUse after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.2022-09-268.8CVE-2022-3071

MISC

MISC

GENTOO

FEDORA
strapi -- strapiStrapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.2022-09-278.8CVE-2022-31367

MISC

MISC

MISC
google -- chromeOut of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.2022-09-268.8CVE-2022-3195

MISC

MISC

GENTOO

FEDORA
google -- chromeUse after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.2022-09-268.8CVE-2022-3196

MISC

MISC

GENTOO

FEDORA
google -- chromeUse after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.2022-09-268.8CVE-2022-3197

MISC

MISC

GENTOO

FEDORA
google -- chromeUse after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.2022-09-268.8CVE-2022-3198

MISC

MISC

GENTOO

FEDORA
google -- chromeUse after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-09-268.8CVE-2022-3199

MISC

MISC

GENTOO

FEDORA
google -- chromeHeap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-09-268.8CVE-2022-3200

MISC

MISC

GENTOO

FEDORA
cloudbase -- open_vswitchIn ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.2022-09-288.8CVE-2022-32166

MISC

MISC
rocket.chat -- rocket.chatA SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.2022-09-238.8CVE-2022-32211

MISC
apple -- macosAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.2022-09-238.8CVE-2022-32787

MISC

MISC

MISC

MISC

MISC

MISC
apple -- macosAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.2022-09-238.8CVE-2022-32792

MISC

MISC

MISC

MISC

MISC
rocket.chat -- rocket.chatA improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.2022-09-238.8CVE-2022-35248

MISC
contec -- fxa3000_firmwareContec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware.2022-09-268.8CVE-2022-36159

MISC

MISC

MISC

MISC
solarwinds -- orion_platformA vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.2022-09-308.8CVE-2022-36961

MISC

MISC
jflyfox -- jfinal_cmsJFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.2022-09-278.8CVE-2022-37209

MISC

MISC
backup_scheduler_project -- backup_schedulerCross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.2022-09-238.8CVE-2022-38079

CONFIRM

CONFIRM
read_more_by_adam_project -- read_more_by_adamCross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.2022-09-238.8CVE-2022-38085

CONFIRM

CONFIRM
cusrev -- customer_reviews_for_woocommerceAuthenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.2022-09-238.8CVE-2022-38134

CONFIRM

CONFIRM
kraken -- kraken.io_image_optimizerCross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.2022-09-238.8CVE-2022-38454

CONFIRM

CONFIRM
cusrev -- customer_reviews_for_woocommerceCross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.2022-09-238.8CVE-2022-38470

CONFIRM

CONFIRM
lcnet -- smart_evisionSmart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service.2022-09-288.8CVE-2022-39032

MISC
arvados -- arvadosArvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. Workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP.2022-09-238.8CVE-2022-39238

CONFIRM
centreon -- centreonCentreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.2022-09-268.8CVE-2022-40043

MISC

MISC
wedding_planner_project -- wedding_plannerWedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php.2022-09-268.8CVE-2022-40402

MISC
wedding_planner_project -- wedding_plannerWedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php.2022-09-268.8CVE-2022-40404

MISC
chamilo -- chamiloA zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.2022-09-298.8CVE-2022-40407

CONFIRM

MISC

MISC
tp-link -- archer_ax10_v1_firmwareTP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.2022-09-288.8CVE-2022-40486

MISC

MISC

MISC
wazuh -- wazuhWazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.2022-09-288.8CVE-2022-40497

MISC
mipcm -- mipc_camera_firmwareUnlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406.2022-09-268.8CVE-2022-40784

MISC
mipcm -- mipc_camera_firmwareUnsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app.2022-09-268.8CVE-2022-40785

MISC
exam_reviewer_management_system_project -- exam_reviewer_management_systemIn Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).2022-09-278.8CVE-2022-40878

MISC
checkpoint -- zonealarmCheck Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.2022-09-278.8CVE-2022-41604

MISC

MISC

MISC
qemu -- qemuQEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.2022-09-298.6CVE-2014-0144

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC

MISC
insyde -- insydeh2oAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.2022-09-238.2CVE-2022-35893

MISC

MISC

MISC
insyde -- insydeh2oAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.2022-09-238.2CVE-2022-36338

MISC

MISC

MISC
insyde -- insydeh2oAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.2022-09-288.2CVE-2022-36448

MISC

MISC

MISC
mailcow -- mailcow\mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.2022-09-278.2CVE-2022-39258

MISC

CONFIRM
hapijs -- hoekhoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.2022-09-238.1CVE-2020-36604

MISC

MISC
next-auth -- nextauth`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checking for the identifier when verifying the token in the email callback flow. An attacker who knows about the victim's email could easily sign in as the victim, given the attacker also knows about the verification token's expired duration. The vulnerability is patched in v3.0.2. A workaround is available. Using Advanced Initialization, developers can check the requests and compare the query's token and identifier before proceeding.2022-09-288.1CVE-2022-39263

CONFIRM

MISC
contec -- fxa3000_firmwareContec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).2022-09-268CVE-2022-36158

MISC

MISC

MISC

MISC
orckestra -- c1_cmsOrckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.2022-09-278CVE-2022-39256

MISC

MISC

CONFIRM
zktec -- zkbio_timeZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.2022-09-298CVE-2022-40472

MISC
graphicsmagick -- graphicsmagickIn GraphicsMagick, a heap buffer overflow was found when parsing MIFF.2022-09-287.8CVE-2022-1270

MISC

GENTOO
qualcomm -- apq8009_firmwareMemory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-267.8CVE-2022-22058

CONFIRM
ffmpeg -- ffmpegA heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e052022-09-237.8CVE-2022-2566

MISC
acer -- altos_t110_f3_firmwareThere is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.2022-09-237.8CVE-2022-30426

MISC

MISC

MISC
linux -- linux_kerneloff-by-one in io_uring module.2022-09-267.8CVE-2022-3103

MISC
notepad-plus-plus -- notepad\+\+Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.2022-09-287.8CVE-2022-32168

CONFIRM

MISC
measuresoft -- scadapro_serverThe security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.2022-09-237.8CVE-2022-3263

CONFIRM
apple -- macosA memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.2022-09-237.8CVE-2022-32796

MISC
apple -- macosAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges.2022-09-237.8CVE-2022-32798

MISC
apple -- macosThis issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges.2022-09-237.8CVE-2022-32801

MISC
apple -- iphone_osA type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.2022-09-237.8CVE-2022-32814

MISC

MISC

MISC

MISC
apple -- macosThe issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.2022-09-237.8CVE-2022-32815

MISC

MISC

MISC

MISC

MISC

MISC
apple -- macosA logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.2022-09-237.8CVE-2022-32819

MISC

MISC

MISC

MISC

MISC

MISC
apple -- macosAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.2022-09-237.8CVE-2022-32820

MISC

MISC

MISC

MISC

MISC

MISC
apple -- macosA memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.2022-09-237.8CVE-2022-32821

MISC

MISC

MISC

MISC
apple -- macosAn authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.2022-09-237.8CVE-2022-32826

MISC

MISC

MISC

MISC

MISC

MISC
apple -- macosThis issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.2022-09-237.8CVE-2022-32829

MISC

MISC
apple -- macosAn out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.2022-09-237.8CVE-2022-32842

MISC

MISC
vim -- vimStack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.2022-09-257.8CVE-2022-3296

MISC

CONFIRM
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0579.2022-09-257.8CVE-2022-3297

MISC

CONFIRM
vim -- vimStack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.2022-09-277.8CVE-2022-3324

CONFIRM

MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0614.2022-09-297.8CVE-2022-3352

CONFIRM

MISC
ui -- desktopA local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.2022-09-237.8CVE-2022-35257

MISC
xpdfreader -- xpdfThere is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.2022-09-297.8CVE-2022-38222

MISC
toaruos -- toaruosreadelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file.2022-09-277.8CVE-2022-38932

MISC
makedeb -- mistMist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.2022-09-267.8CVE-2022-39245

CONFIRM

MISC

MISC
clash_project -- clashA misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.2022-09-297.8CVE-2022-40126

MISC
trendmicro -- deep_securityA link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-09-287.8CVE-2022-40710

N/A

N/A
kovidgoyal -- kittyIn Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.2022-09-237.8CVE-2022-41322

MISC

MISC

MISC

MISC

GENTOO

FEDORA

FEDORA
zimbra -- collaborationAn issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.2022-09-267.8CVE-2022-41347

MISC

MISC

MISC

MISC
ibm -- websphere_mqIBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.2022-09-297.5CVE-2012-2201

XF
google -- chromeDouble free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-09-297.5CVE-2019-5797

MISC

MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.2022-09-297.5CVE-2020-15327

MISC

MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.2022-09-297.5CVE-2020-15340

MISC

MISC
zyxel -- cloudcnm_secumanagerZyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.2022-09-297.5CVE-2020-15341

MISC

MISC
trudesk_project -- trudeskThe trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service.2022-09-297.5CVE-2022-1718

CONFIRM

MISC
gavazziautomation -- cpy_car_park_serverAn improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.2022-09-287.5CVE-2022-22523

CONFIRM
nepxion -- discoveryNepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.2022-09-247.5CVE-2022-23464

MISC
mz-automation -- libiec61850MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.2022-09-237.5CVE-2022-2971

MISC
mz-automation -- libiec61850MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.2022-09-237.5CVE-2022-2973

MISC
ldap_wp_login_\/_active_directory_integration_project -- ldap_wp_login_\/_active_directory_integrationThe Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication2022-09-267.5CVE-2022-2987

MISC
oauth_client_single_sign_on_project -- oauth_client_single_sign_onThe OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address2022-09-267.5CVE-2022-3119

MISC
nlnetlabs -- unboundA vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.2022-09-267.5CVE-2022-3204

CONFIRM

FEDORA
apple -- swiftnioNIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace.2022-09-287.5CVE-2022-3215

MISC
ikus-soft -- rdiffwebImproper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.2022-09-267.5CVE-2022-3272

MISC

CONFIRM
apple -- macos | This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. | 2022-09-23 | 7.5 | CVE-2022-32790 | MISC, MISC, MISC, MISC, MISC, MISC

ikus-soft -- rdiffweb | Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3290 | CONFIRM, MISC

ikus-soft -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3295 | CONFIRM, MISC

ikus-soft -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 7.5 | CVE-2022-3298 | CONFIRM, MISC

advantech -- iview | An SQL injection vulnerability exists in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() and perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | 2022-09-27 | 7.5 | CVE-2022-3323 | MISC

open5gs -- open5gs | A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability. | 2022-09-28 | 7.5 | CVE-2022-3354 | MISC, MISC

ikus-soft -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 2022-09-29 | 7.5 | CVE-2022-3364 | CONFIRM, MISC

realtek -- rtl8195am_firmware | On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task can be locked when there are frequent and continuous Wi-Fi connection failures in Soft AP mode. | 2022-09-27 | 7.5 | CVE-2022-34326 | MISC, MISC

dell -- smartfabric_os10 | Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x, contains a vulnerability that could allow an attacker to cause a system crash by running particular security scans. | 2022-09-28 | 7.5 | CVE-2022-34424 | MISC

linuxfoundation -- fabric | A vulnerability exists in Hyperledger Fabric <2.4 that could allow an attacker to construct a non-validated request that could cause a denial of service attack. | 2022-09-23 | 7.5 | CVE-2022-35253 | MISC, MISC, MISC

netapp -- snapcenter | SnapCenter versions prior to 4.7 shipped without a Content Security Policy (CSP) implemented, which could allow certain types of attacks that would otherwise be prevented. | 2022-09-29 | 7.5 | CVE-2022-38732 | MISC

pbc_project -- pbc | An issue has been found in PBC through 2022-8-27. A SEGV issue was detected in the function pbc_wmessage_integer in src/wmessage.c:137. | 2022-09-23 | 7.5 | CVE-2022-38936 | MISC

lcnet -- smart_evision | Smart eVision has inadequate authorization for the system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information. | 2022-09-28 | 7.5 | CVE-2022-39030 | MISC

ibm -- robotic_process_automation_for_services | IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | 2022-09-29 | 7.5 | CVE-2022-39168 | XF, CONFIRM

wolfssl -- wolfssl | In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello, a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. | 2022-09-29 | 7.5 | CVE-2022-39173 | MISC, MISC

matrix -- software_development_kit | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, injecting the key backup secret during a self-verification so that a targeted device starts using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39248 | MISC, MISC, CONFIRM, MISC

matrix -- javascript_sdk | Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible because the matrix-js-sdk implements an overly permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39249 | MISC, CONFIRM, MISC, MISC, MISC

matrix -- javascript_sdk | Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users' identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible by the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been added to report an error when one of the device IDs matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround. | 2022-09-29 | 7.5 | CVE-2022-39250 | MISC, MISC, MISC, CONFIRM

matrix -- javascript_sdk | Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, injecting the key backup secret during a self-verification so that a targeted device starts using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39251 | MISC, MISC, MISC, CONFIRM

matrix -- matrix-rust-sdk | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, however, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue. | 2022-09-29 | 7.5 | CVE-2022-39252 | CONFIRM, MISC, MISC, MISC

matrix -- software_development_kit | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, injecting the key backup secret during a self-verification so that a targeted device starts using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround. To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verification methods until patched. | 2022-09-28 | 7.5 | CVE-2022-39255 | MISC, CONFIRM, MISC, MISC

matrix -- software_development_kit | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible because the matrix-ios-sdk implements an overly permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround. | 2022-09-28 | 7.5 | CVE-2022-39257 | MISC, CONFIRM, MISC, MISC

symfony -- twig | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates whose name is user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. | 2022-09-28 | 7.5 | CVE-2022-39261 | MISC, CONFIRM, CONFIRM

cloudwego -- hertz | Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function. | 2022-09-28 | 7.5 | CVE-2022-40082 | MISC, MISC

tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40101 | MISC

tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40102 | MISC

tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40104 | MISC

tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40105 | MISC

tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40106 | MISC

tenda -- i9_firmware | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-09-23 | 7.5 | CVE-2022-40107 | MISC
nic -- knot_resolver | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | 2022-09-23 | 7.5 | CVE-2022-40188 | CONFIRM, FEDORA, FEDORA, FEDORA

cusrev -- customer_reviews_for_woocommerce | Unauthenticated Sensitive Information Disclosure vulnerability in the Customer Reviews for WooCommerce plugin <= 5.3.5 on WordPress. | 2022-09-23 | 7.5 | CVE-2022-40194 | CONFIRM, CONFIRM

samsung -- tizenrt | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. | 2022-09-29 | 7.5 | CVE-2022-40278 | MISC, MISC, MISC, MISC

samsung -- tizenrt | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). | 2022-09-29 | 7.5 | CVE-2022-40279 | MISC, MISC, MISC

tacitine -- en6200-prime_quad-35_firmware | This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 and 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device. | 2022-09-23 | 7.5 | CVE-2022-40629 | MISC, MISC

open5gs -- open5gs | A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | 2022-09-29 | 7.5 | CVE-2022-40890 | MISC

secp256k1-js_project -- secp256k1-js | The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without the required r and s validation, leading to signature forgery. | 2022-09-24 | 7.5 | CVE-2022-41340 | MISC, MISC, MISC, MISC

dompdf_project -- dompdf | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 2022-09-25 | 7.5 | CVE-2022-41343 | MISC, MISC, MISC

chipolo -- chipolo | Chipolo ONE Bluetooth tracker (2020) with Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once a malicious sharee obtains the access credentials. | 2022-09-27 | 7.4 | CVE-2022-37193 | MISC, MISC

gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3, a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function. | 2022-09-28 | 7.2 | CVE-2022-22525 | CONFIRM

postmansmtp -- post_smtp_mailer/email_log | The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations, for example. | 2022-09-26 | 7.2 | CVE-2022-2352 | MISC

ninjaforms -- ninja_forms | The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-09-26 | 7.2 | CVE-2022-2903 | MISC

cminds -- cm_download_manager | The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by allowing any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. | 2022-09-26 | 7.2 | CVE-2022-3076 | MISC

flatpress -- flatpress | Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | 2022-09-29 | 7.2 | CVE-2022-40048 | MISC, MISC

online_tours_and_travels_management_system_project -- online_tours_and_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. | 2022-09-26 | 7.2 | CVE-2022-40097 | MISC

online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. | 2022-09-26 | 7.2 | CVE-2022-40098 | MISC

online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. | 2022-09-26 | 7.2 | CVE-2022-40099 | MISC

online_tours_&_travels_management_system -- online_tours_&_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | 2022-09-27 | 7.2 | CVE-2022-40352 | MISC

online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. | 2022-09-27 | 7.2 | CVE-2022-40353 | MISC

online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | 2022-09-27 | 7.2 | CVE-2022-40354 | MISC

wedding_planner_project -- wedding_planner | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. | 2022-09-26 | 7.2 | CVE-2022-40403 | MISC

tenda -- ac18_firmware | Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/. | 2022-09-23 | 7.2 | CVE-2022-40861 | MISC

zoo_management_system_project -- zoo_management_system | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | 2022-09-26 | 7.2 | CVE-2022-40924 | MISC

zoo_management_system_project -- zoo_management_system | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. | 2022-09-26 | 7.2 | CVE-2022-40925 | MISC

online_leave_management_system_project -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. | 2022-09-26 | 7.2 | CVE-2022-40926 | MISC

online_leave_management_system_project -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. | 2022-09-26 | 7.2 | CVE-2022-40927 | MISC

online_leave_management_system_project -- online_leave_management_system | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. | 2022-09-26 | 7.2 | CVE-2022-40928 | MISC

apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted TIFF file may lead to a denial-of-service or potentially disclose memory contents. | 2022-09-23 | 7.1 | CVE-2020-36521 | MISC, MISC, MISC, MISC, MISC, MISC

denx -- u-boot | There exists an unchecked length field in U-Boot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer. | 2022-09-23 | 7.1 | CVE-2022-2347 | MISC

apple -- macos | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32797 | MISC, MISC, MISC

apple -- macos | This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files. | 2022-09-23 | 7.1 | CVE-2022-32807 | MISC, MISC, MISC

apple -- macos | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32831 | MISC, MISC, MISC

apple -- macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted PostScript file may result in unexpected app termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32843 | MISC, MISC, MISC

apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32851 | MISC, MISC, MISC

apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32852 | MISC

apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | 2022-09-23 | 7.1 | CVE-2022-32853 | MISC, MISC, MISC

ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017. | 2022-09-23 | 7.1 | CVE-2022-34348 | CONFIRM, XF

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

rocket.chat -- rocket.chat | An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). | 2022-09-23 | 6.8 | CVE-2022-30124 | MISC

google -- chrome | Inappropriate implementation in the Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | 2022-09-26 | 6.8 | CVE-2022-3048 | MISC, MISC, GENTOO, FEDORA

sony -- playstation_4_firmware | A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to a heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679. | 2022-09-28 | 6.8 | CVE-2022-3349 | MISC, MISC

westerndigital -- my_cloud_home_firmware | A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from the /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes. | 2022-09-27 | 6.7 | CVE-2022-23006 | MISC, MISC

ivanti -- endpoint_manager | The "LANDesk(R) Management Agent" service exposes a socket and, once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system. | 2022-09-23 | 6.7 | CVE-2022-30121 | MISC

apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-09-23 | 6.7 | CVE-2022-32832 | MISC, MISC, MISC, MISC, MISC, MISC

ibm -- infosphere_information_server | IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application's load or import content functionality to view arbitrary files on the system. | 2022-09-29 | 6.5 | CVE-2012-4818 | MISC, XF

moodle -- moodle | An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | 2022-09-29 | 6.5 | CVE-2021-40693 | MISC

asus -- rt-ax88u_firmware | An HTTP response splitting attack in the web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that, if an authenticated victim visits it, will give access to the cloud storage of the attacker. | 2022-09-26 | 6.5 | CVE-2021-41437 | MISC, CONFIRM

mediawiki -- mediawiki | An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash revisions. | 2022-09-29 | 6.5 | CVE-2021-42049 | MISC, MISC

fusionpbx -- fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the intended directory). | 2022-09-29 | 6.5 | CVE-2021-43403 | MISC

metersphere -- metersphere | An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | 2022-09-29 | 6.5 | CVE-2021-45789 | MISC

google -- chrome | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2856 | MISC, MISC, FEDORA

google -- chrome | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2860 | MISC, MISC, FEDORA

google -- chrome | Inappropriate implementation in the Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-2861 | MISC, MISC, FEDORA

google -- chrome | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3044 | MISC, MISC, GENTOO, FEDORA

google -- chrome | Insufficient policy enforcement in the Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3047 | MISC, MISC, GENTOO, FEDORA

google -- chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3054 | MISC, MISC, GENTOO, FEDORA

google -- chrome | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3056 | MISC, MISC, GENTOO, FEDORA

google -- chrome | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2022-09-26 | 6.5 | CVE-2022-3057 | MISC, MISC, GENTOO, FEDORA
php -- phpIn PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.2022-09-286.5CVE-2022-31629

MISC
rocket.chat -- rocket.chat
An information disclosure vulnerability exists in Rocket.Chat <v5 because the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room.
Published: 2022-09-23 | CVSS Score: 6.5 | CVE-2022-32220 | Source & Patch Info: MISC

rocket.chat -- rocket.chat
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to OAuth tokens: a user holding the permission "view-full-other-user-info" could cause an OAuth token leak in the product.
Published: 2022-09-23 | CVSS Score: 6.5 | CVE-2022-32227 | Source & Patch Info: MISC

mattermost -- mattermost_server
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.
Published: 2022-09-23 | CVSS Score: 6.5 | CVE-2022-3257 | Source & Patch Info: MISC, MISC

apple -- macos
The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.
Published: 2022-09-23 | CVSS Score: 6.5 | CVE-2022-32816 | Source & Patch Info: MISC, MISC, MISC, MISC

fwupd -- fwupd
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Published: 2022-09-28 | CVSS Score: 6.5 | CVE-2022-3287 | Source & Patch Info: MISC

open5gs -- open5gs
A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability.
Published: 2022-09-26 | CVSS Score: 6.5 | CVE-2022-3299 | Source & Patch Info: MISC, MISC, MISC

ibm -- websphere_application_server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
Published: 2022-09-28 | CVSS Score: 6.5 | CVE-2022-35282 | Source & Patch Info: XF, CONFIRM

amperecomputing -- ampere_altra_max_firmware
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
Published: 2022-09-29 | CVSS Score: 6.5 | CVE-2022-35888 | Source & Patch Info: MISC, MISC

ibm -- qradar_user_behavior_analytics
IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information that they should not have access to. IBM X-Force ID: 232791.
Published: 2022-09-28 | CVSS Score: 6.5 | CVE-2022-36771 | Source & Patch Info: XF, CONFIRM

iegeek -- ig20_firmware
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
Published: 2022-09-26 | CVSS Score: 6.5 | CVE-2022-38970 | Source & Patch Info: MISC

lcnet -- smart_evision
Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information.
Published: 2022-09-28 | CVSS Score: 6.5 | CVE-2022-39029 | Source & Patch Info: MISC

lcnet -- smart_evision
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files.
Published: 2022-09-28 | CVSS Score: 6.5 | CVE-2022-39034 | Source & Patch Info: MISC

xbifrost -- bifrost
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to make write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.
Published: 2022-09-26 | CVSS Score: 6.5 | CVE-2022-39219 | Source & Patch Info: MISC, MISC, CONFIRM

amazon -- fhir-works-on-aws-authz-smart
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client's OAuth scope permits when making "search-type" requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.
Published: 2022-09-23 | CVSS Score: 6.5 | CVE-2022-39230 | Source & Patch Info: CONFIRM

matrix-nio_project -- matrix-nio
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.
Published: 2022-09-29 | CVSS Score: 6.5 | CVE-2022-39254 | Source & Patch Info: CONFIRM, MISC

hashicorp -- consul
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.
Published: 2022-09-23 | CVSS Score: 6.5 | CVE-2022-40716 | Source & Patch Info: MISC, MISC

zammad -- zammad
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.
Published: 2022-09-27 | CVSS Score: 6.5 | CVE-2022-40816 | Source & Patch Info: MISC

veritas -- system_recovery
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
Published: 2022-09-23 | CVSS Score: 6.5 | CVE-2022-41320 | Source & Patch Info: MISC
qemu -- qemu
Qemu before 1.6.2 block drivers for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine.
Published: 2022-09-29 | CVSS Score: 6.2 | CVE-2014-0147 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC, MISC

ibm -- rational_change
IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Published: 2022-09-29 | CVSS Score: 6.1 | CVE-2012-2160 | Source & Patch Info: MISC, XF

zyxel -- cloudcnm_secumanager
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
Published: 2022-09-29 | CVSS Score: 6.1 | CVE-2020-15339 | Source & Patch Info: MISC, MISC

bookingultrapro -- booking_ultra_pro_appointments_booking_calendar
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
Published: 2022-09-30 | CVSS Score: 6.1 | CVE-2021-36855 | Source & Patch Info: CONFIRM, CONFIRM

mediawiki -- mediawiki
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed users to inject HTML and JavaScript.
Published: 2022-09-29 | CVSS Score: 6.1 | CVE-2021-42046 | Source & Patch Info: MISC, MISC, MISC

glfusion -- glfusion
glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response.
Published: 2022-09-29 | CVSS Score: 6.1 | CVE-2021-45843 | Source & Patch Info: MISC

express_xss_sanitizer_project -- express_xss_sanitizer
The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization.
Published: 2022-09-26 | CVSS Score: 6.1 | CVE-2022-21169 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

xdsoft -- jodit_editor
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.
Published: 2022-09-24 | CVSS Score: 6.1 | CVE-2022-23461 | Source & Patch Info: CONFIRM

themehunk -- wp_popup_builder
The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Published: 2022-09-26 | CVSS Score: 6.1 | CVE-2022-2404 | Source & Patch Info: MISC

gavazziautomation -- cpy_car_park_server
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
Published: 2022-09-28 | CVSS Score: 6.1 | CVE-2022-28816 | Source & Patch Info: CONFIRM

simplefilelist -- simple-file-list
The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
Published: 2022-09-26 | CVSS Score: 6.1 | CVE-2022-3062 | Source & Patch Info: MISC

ovirt -- ovirt-engine
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.
Published: 2022-09-28 | CVSS Score: 6.1 | CVE-2022-3193 | Source & Patch Info: MISC

3d_tag_cloud_project -- 3d_tag_cloud
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerabilities in 3D Tag Cloud plugin <= 3.8 at WordPress.
Published: 2022-09-23 | CVSS Score: 6.1 | CVE-2022-36417 | Source & Patch Info: CONFIRM, CONFIRM

solarwinds -- solarwinds_platform
Insufficient sanitization of inputs in a QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0).
Published: 2022-09-30 | CVSS Score: 6.1 | CVE-2022-36965 | Source & Patch Info: CONFIRM, CONFIRM

creativeitem -- academy_learning_management_system
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
Published: 2022-09-26 | CVSS Score: 6.1 | CVE-2022-38553 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC

heimavista -- dark_horse_rpage
Heimavista Rpage has insufficient filtering for the platform web URL. An unauthenticated remote attacker can inject JavaScript and perform a Reflected Cross-Site Scripting (XSS) attack.
Published: 2022-09-28 | CVSS Score: 6.1 | CVE-2022-39053 | Source & Patch Info: MISC

cowell_enterprise_travel_management_system_project -- cowell_enterprise_travel_management_system
Cowell enterprise travel management system has insufficient filtering for special characters within the web URL. An unauthenticated remote attacker can inject JavaScript and perform a Reflected Cross-Site Scripting (XSS) attack.
Published: 2022-09-28 | CVSS Score: 6.1 | CVE-2022-39054 | Source & Patch Info: MISC

kfm_project -- kfm
Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via a crafted GET request to /kfm/index.php.
Published: 2022-09-23 | CVSS Score: 6.1 | CVE-2022-40359 | Source & Patch Info: MISC, MISC

etaplighting -- etap_safety_manager
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in the context of an affected site.
Published: 2022-09-28 | CVSS Score: 6.1 | CVE-2022-40912 | Source & Patch Info: MISC

dutchcoders -- transfer.sh
dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).
Published: 2022-09-29 | CVSS Score: 6.1 | CVE-2022-40931 | Source & Patch Info: MISC, MISC
velneo -- vclient
Velneo vClient on its 28.1.3 version does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user's credentials.
Published: 2022-09-23 | CVSS Score: 5.9 | CVE-2021-45035 | Source & Patch Info: CONFIRM, CONFIRM, MISC, MISC

bosch -- bosch_video_management_system
Information Disclosure in the Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows a man-in-the-middle attacker to compromise a confidential video stream. This is only applicable for UDP encryption when the target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.
Published: 2022-09-30 | CVSS Score: 5.9 | CVE-2022-32540 | Source & Patch Info: CONFIRM

apple -- macos
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.
Published: 2022-09-23 | CVSS Score: 5.9 | CVE-2022-32799 | Source & Patch Info: MISC, MISC

apache -- pulsar
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying that the server's TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client's authentication data. The client eventually closes the connection when it verifies the hostname and identifies that the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.
Published: 2022-09-23 | CVSS Score: 5.9 | CVE-2022-33681 | Source & Patch Info: MISC

apache -- pulsar
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client, leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability is for both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.
Published: 2022-09-23 | CVSS Score: 5.9 | CVE-2022-33682 | Source & Patch Info: MISC

apache -- pulsar
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. This issue affects Apache Pulsar Broker and Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.
Published: 2022-09-23 | CVSS Score: 5.9 | CVE-2022-33683 | Source & Patch Info: MISC

asus -- armoury_crate_service
Armoury Crate Service's logging function has insufficient validation to check whether the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to an arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
Published: 2022-09-28 | CVSS Score: 5.9 | CVE-2022-38699 | Source & Patch Info: MISC

nheko_project -- nheko
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu.
Published: 2022-09-28 | CVSS Score: 5.9 | CVE-2022-39264 | Source & Patch Info: CONFIRM, MISC, MISC, FEDORA

apasionados -- export_post_info
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.
Published: 2022-09-23 | CVSS Score: 5.7 | CVE-2022-38061 | Source & Patch Info: CONFIRM, CONFIRM
qemu -- qemu
The Qemu before 2.0 block driver for Hyper-V VHDX images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for the block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance, resulting in DoS.
Published: 2022-09-29 | CVSS Score: 5.5 | CVE-2014-0148 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC, MISC

ibm -- java_sdk
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
Published: 2022-09-29 | CVSS Score: 5.5 | CVE-2015-1931 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC

vim -- vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
Published: 2022-09-29 | CVSS Score: 5.5 | CVE-2022-1725 | Source & Patch Info: CONFIRM, MISC

ibm -- common_cryptographic_architecture
IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-22423 | Source & Patch Info: XF, CONFIRM

apple -- macos
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-26707 | Source & Patch Info: MISC

linux -- linux_kernel
There exists an arbitrary memory read within the Linux Kernel BPF subsystem: constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-2785 | Source & Patch Info: CONFIRM, CONFIRM

f-secure -- internet_gatekeeper
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-28886 | Source & Patch Info: MISC, MISC

php -- php
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quine" gzip files, resulting in an infinite loop.
Published: 2022-09-28 | CVSS Score: 5.5 | CVE-2022-31628 | Source & Patch Info: MISC

vim -- vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-3278 | Source & Patch Info: MISC, CONFIRM

apple -- macos
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32783 | Source & Patch Info: MISC
apple -- macos
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32785 | Source & Patch Info: MISC, MISC, MISC, MISC

apple -- macos
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32786 | Source & Patch Info: MISC, MISC, MISC

apple -- macos
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32789 | Source & Patch Info: MISC

apple -- macos
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32800 | Source & Patch Info: MISC, MISC, MISC

apple -- macos
The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32805 | Source & Patch Info: MISC, MISC, MISC

apple -- macos
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32817 | Source & Patch Info: MISC, MISC, MISC, MISC

apple -- macos
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32818 | Source & Patch Info: MISC

apple -- macos
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32823 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC, MISC

apple -- macos
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32825 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC

apple -- macos
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32828 | Source & Patch Info: MISC, MISC, MISC

apple -- macos
The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32841 | Source & Patch Info: MISC, MISC, MISC, MISC

apple -- macos
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user's screen.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32848 | Source & Patch Info: MISC, MISC

apple -- macos
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-32849 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC
swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35091 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35092 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35093 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35094 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35095 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35096 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35097 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35098 | Source & Patch Info: MISC, MISC

swftools -- swftools
SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-35099 | Source & Patch Info: MISC, MISC

tenda -- i9_firmware
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Published: 2022-09-23 | CVSS Score: 5.5 | CVE-2022-40103 | Source & Patch Info: MISC

axiosys -- bento4
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.
Published: 2022-09-30 | CVSS Score: 5.5 | CVE-2022-41841 | Source & Patch Info: MISC

xpdfreader -- xpdf
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
Published: 2022-09-30 | CVSS Score: 5.5 | CVE-2022-41842 | Source & Patch Info: MISC, MISC

xpdfreader -- xpdf
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
Published: 2022-09-30 | CVSS Score: 5.5 | CVE-2022-41843 | Source & Patch Info: MISC, MISC

xpdfreader -- xpdf
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
Published: 2022-09-30 | CVSS Score: 5.5 | CVE-2022-41844 | Source & Patch Info: MISC, MISC, MISC

axiosys -- bento4
An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.
Published: 2022-09-30 | CVSS Score: 5.5 | CVE-2022-41845 | Source & Patch Info: MISC, MISC

axiosys -- bento4
An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
Published: 2022-09-30 | CVSS Score: 5.5 | CVE-2022-41846 | Source & Patch Info: MISC, MISC

axiosys -- bento4
An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.
Published: 2022-09-30 | CVSS Score: 5.5 | CVE-2022-41847 | Source & Patch Info: MISC, MISC, MISC
expense_management_system_project -- expense_management_system
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.
Published: 2022-09-28 | CVSS Score: 5.4 | CVE-2021-41434 | Source & Patch Info: MISC, MISC

mediawiki -- mediawiki
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote.
Published: 2022-09-29 | CVSS Score: 5.4 | CVE-2021-42045 | Source & Patch Info: MISC, MISC

mediawiki -- mediawiki
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.
Published: 2022-09-29 | CVSS Score: 5.4 | CVE-2021-42047 | Source & Patch Info: MISC, MISC

trudesk_project -- trudesk
Reflected XSS in the ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing malicious JavaScript code in the web page.
Published: 2022-09-29 | CVSS Score: 5.4 | CVE-2022-1719 | Source & Patch Info: CONFIRM, MISC

svg_support_wordpress -- svg_support
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via a URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
Published: 2022-09-26 | CVSS Score: 5.4 | CVE-2022-1755 | Source & Patch Info: MISC

ibm -- application_gateway
IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965.
Published: 2022-09-28 | CVSS Score: 5.4 | CVE-2022-22387 | Source & Patch Info: XF, CONFIRM

N/A -- N/A
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
Published: 2022-09-30 | CVSS Score: 5.4 | CVE-2022-28851 | Source & Patch Info: MISC

oxilab -- image_hover_effects_ultimate
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers; however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting, then this can be exploited by those users.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-2937 | Source & Patch Info: MISC, MISC

online_market_place_site_project -- online_market_place_site
Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller and then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.
Published: 2022-09-26 | CVSS Score: 5.4 | CVE-2022-30003 | Source & Patch Info: MISC, MISC

simple_bitcoin_faucets_project -- simple_bitcoin_faucets
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF check in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.
Published: 2022-09-26 | CVSS Score: 5.4 | CVE-2022-3024 | Source & Patch Info: MISC

bitcoin/altcoin_faucet_project -- bitcoin/altcoin_faucet
The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.
Published: 2022-09-26 | CVSS Score: 5.4 | CVE-2022-3025 | Source & Patch Info: MISC

google -- chrome
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
Published: 2022-09-26 | CVSS Score: 5.4 | CVE-2022-3201 | Source & Patch Info: MISC, MISC, GENTOO, DEBIAN, FEDORA
zephyr-one -- zephyr_project_manager
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.
Published: 2022-09-28 | CVSS Score: 5.4 | CVE-2022-3333 | Source & Patch Info: MISC, MISC

inventree_project -- inventree
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.
Published: 2022-09-29 | CVSS Score: 5.4 | CVE-2022-3355 | Source & Patch Info: CONFIRM, MISC

rocket.chat -- rocket.chat
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window: an adversary is able to manipulate not only its style, but will also be able to block functionality as well as hijack the content of targeted users. Since the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-35251 | Source & Patch Info: MISC

ibm -- jazz_for_service_management
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-35721 | Source & Patch Info: CONFIRM, XF

ibm -- jazz_for_service_management
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381.
Published: 2022-09-28 | CVSS Score: 5.4 | CVE-2022-35722 | Source & Patch Info: CONFIRM, XF

iris -- isams
ISAMS 22.2.3.2 is prone to a stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application.
Published: 2022-09-27 | CVSS Score: 5.4 | CVE-2022-37028 | Source & Patch Info: MISC, MISC

webhelpagency -- wha_crossword
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-37330 | Source & Patch Info: CONFIRM, CONFIRM

blossomthemes -- blossom_recipe_maker
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-37338 | Source & Patch Info: CONFIRM, CONFIRM

fullworksplugins -- meet_my_team
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-37339 | Source & Patch Info: CONFIRM, CONFIRM

vtiger -- vtiger_crm
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Published: 2022-09-27 | CVSS Score: 5.4 | CVE-2022-38335 | Source & Patch Info: MISC, MISC, MISC

adobe -- experience_manager
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-38438 | Source & Patch Info: MISC

adobe -- experience_manager
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-38439 | Source & Patch Info: MISC

notice_board_project -- notice_board
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.
Published: 2022-09-23 | CVSS Score: 5.4 | CVE-2022-38460 | Source & Patch Info: CONFIRM, CONFIRM

ec-cube -- ec-cube
DOM-based cross-site scripting vulnerability in the EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product visit a specially crafted page.
Published: 2022-09-27 | CVSS Score: 5.4 | CVE-2022-38975 | Source & Patch Info:

MISC

MISC
lcnet -- smart_evisionSmart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.2022-09-285.4CVE-2022-39035

MISC
nuxtjs -- netlify-ipxnetlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site.2022-09-235.4CVE-2022-39239

CONFIRM
mygraph_project -- mygraphMyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround.2022-09-245.4CVE-2022-39240

CONFIRM
centreon -- centreonCentreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.2022-09-265.4CVE-2022-40044

MISC

MISC
tabs_project -- tabsMultiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress.2022-09-235.4CVE-2022-40215

CONFIRM

CONFIRM
ajaxplorer -- ajaxplorerAn issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload.2022-09-235.4CVE-2022-40358

MISC

MISC
feehi -- feehicmsFeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.2022-09-295.4CVE-2022-40408

MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.2022-09-235.4CVE-2022-40748

XF

CONFIRM
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | 2022-09-29 | 5.3 | CVE-2020-15325 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | 2022-09-29 | 5.3 | CVE-2020-15326 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | 2022-09-29 | 5.3 | CVE-2020-15328 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | 2022-09-29 | 5.3 | CVE-2020-15329 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | 2022-09-29 | 5.3 | CVE-2020-15330 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | 2022-09-29 | 5.3 | CVE-2020-15333 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | 2022-09-29 | 5.3 | CVE-2020-15334 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | 2022-09-29 | 5.3 | CVE-2020-15337 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. | 2022-09-29 | 5.3 | CVE-2020-15338 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | 2022-09-29 | 5.3 | CVE-2020-15342 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | 2022-09-29 | 5.3 | CVE-2020-15343 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | 2022-09-29 | 5.3 | CVE-2020-15344 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | 2022-09-29 | 5.3 | CVE-2020-15345 (MISC, MISC)
zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | 2022-09-29 | 5.3 | CVE-2020-15346 (MISC, MISC)
apache -- tomcat | The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance, resulting in responses, or part responses, being received by the wrong client. | 2022-09-28 | 5.3 | CVE-2021-43980 (MISC, MLIST)
10up -- restricted_site_access | The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | 2022-09-26 | 5.3 | CVE-2022-1613 (MISC)
elastic -- elastic_cloud_enterprise | A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | 2022-09-28 | 5.3 | CVE-2022-23716 (MISC, MISC)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device. | 2022-09-28 | 5.3 | CVE-2022-28813 (CONFIRM)
rocket.chat -- rocket.chat | A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to the OAuth token being leaked in plaintext in Rocket.chat logs. | 2022-09-23 | 5.3 | CVE-2022-32217 (MISC)
mailoptin -- mailoptin | Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. | 2022-09-23 | 5.3 | CVE-2022-36340 (CONFIRM, CONFIRM)
connectwise -- connectwise | WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a brute force on the session code in order to get in. Sensitive data about the company, get in a session. | 2022-09-28 | 5.3 | CVE-2022-36781 (MISC)
lcnet -- smart_evision | Smart eVision has insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only. | 2022-09-28 | 5.3 | CVE-2022-39031 (MISC)
matrix -- javascript_sdk | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue. | 2022-09-28 | 5.3 | CVE-2022-39236 (MISC, MISC, MISC, CONFIRM)
parity -- frontier | Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have a large amount of refunds or unused gas with reverts, and as a result inflate the chain gas prices. The impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state. This issue has been patched in commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658. There are no known workarounds. | 2022-09-24 | 5.3 | CVE-2022-39242 (MISC, CONFIRM)
matrix -- software_development_kit | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaround, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`. | 2022-09-28 | 5.3 | CVE-2022-39246 (MISC, CONFIRM, MISC, MISC)
gajim -- gajim | An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0. | 2022-09-27 | 5.3 | CVE-2022-39835 (MISC, MISC)
jetbrains -- teamcity | In JetBrains TeamCity before 2022.04.4, environment variables of "password" type could be logged when using a custom Perforce executable. | 2022-09-23 | 5.3 | CVE-2022-40979 (MISC)
hitach -- vantara | A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | 2022-09-26 | 4.9 | CVE-2021-28052 (MISC, MISC)
moodle -- moodle | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | 2022-09-29 | 4.9 | CVE-2021-40694 (MISC)
dell -- smartfabric_os10 | Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | 2022-09-28 | 4.9 | CVE-2022-29089 (MISC)
adobe -- download_manager | The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory. | 2022-09-26 | 4.9 | CVE-2022-2926 (MISC)
tooljet -- tooljet | Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim. | 2022-09-28 | 4.9 | CVE-2022-3348 (CONFIRM, MISC)
spacexchimp -- social_media_follow_buttons_bar | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. | 2022-09-30 | 4.8 | CVE-2021-36839 (CONFIRM, CONFIRM)
mediawiki -- mediawiki | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits. | 2022-09-29 | 4.8 | CVE-2021-42048 (MISC, MISC)
wordlift -- wordlift | The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-09-26 | 4.8 | CVE-2022-3069 (MISC)
zealousweb -- generate_pdf_using_contact_form_7 | The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-09-26 | 4.8 | CVE-2022-3070 (MISC)
quantumcloud -- slider_hero | The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. | 2022-09-26 | 4.8 | CVE-2022-3074 (MISC)
seo_smart_links_project -- seo_smart_links | The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2022-09-26 | 4.8 | CVE-2022-3135 (MISC)
add_shortcodes_actions_and_filters_project -- add_shortcodes_actions_and_filters | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress. | 2022-09-23 | 4.8 | CVE-2022-37342 (CONFIRM, CONFIRM)
wpchill -- cpo_shortcodes | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress. | 2022-09-23 | 4.8 | CVE-2022-40672 (CONFIRM, CONFIRM)
ieee -- ieee_802.2 | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | 2022-09-27 | 4.7 | CVE-2021-27853 (CONFIRM, CONFIRM, CONFIRM, CISCO)
ieee -- ieee_802.2 | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. | 2022-09-27 | 4.7 | CVE-2021-27854 (CONFIRM, CONFIRM, CONFIRM)
ieee -- ieee_802.2 | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers). | 2022-09-27 | 4.7 | CVE-2021-27861 (CONFIRM, CONFIRM, CONFIRM)
ieee -- ieee_802.2 | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). | 2022-09-27 | 4.7 | CVE-2021-27862 (CONFIRM, CONFIRM)
linux -- linux_kernel | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. | 2022-09-27 | 4.7 | CVE-2022-3303 (MISC, MISC)
ikus-soft -- rdiffweb | Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-28 | 4.6 | CVE-2022-3292 (CONFIRM, MISC)
apple -- macos | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. | 2022-09-23 | 4.4 | CVE-2022-32781 (MISC, MISC, MISC, MISC)
apple -- macos | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information. | 2022-09-23 | 4.4 | CVE-2022-32782 (MISC)
ibm -- rational_asset_manager | IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. | 2022-09-29 | 4.3 | CVE-2011-4820 (XF)
moodle -- moodle | A session hijack risk was identified in the Shibboleth authentication plugin. | 2022-09-29 | 4.3 | CVE-2021-40691 (MISC)
moodle -- moodle | Insufficient capability checks made it possible for teachers to download users outside of their courses. | 2022-09-29 | 4.3 | CVE-2021-40692 (MISC)
moodle -- moodle | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | 2022-09-29 | 4.3 | CVE-2021-40695 (MISC)
themehunk -- wp_popup_builder | The WP Popup Builder WordPress plugin before 1.2.9 does not have an authorisation and CSRF check in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary Popups. | 2022-09-26 | 4.3 | CVE-2022-2405 (MISC)
octopus -- octopus_server | In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | 2022-09-28 | 4.3 | CVE-2022-2760 (MISC)
google -- chrome | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. | 2022-09-26 | 4.3 | CVE-2022-3053 (MISC, MISC, GENTOO, FEDORA)
gunkastudios -- login_block_ips | The Login Block IPs WordPress plugin through 1.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2022-09-26 | 4.3 | CVE-2022-3098 (MISC)
bytebase -- bytebase | The “Bytebase” application does not restrict low privilege users from accessing “admin issues“, so an unauthorized user can view the “OPEN” and “CLOSED” issues created by “Admin”; the affected endpoint is “/issue”. | 2022-09-28 | 4.3 | CVE-2022-32169 (MISC, MISC)
bytebase -- bytebase | The “Bytebase” application does not restrict low privilege users from accessing admin “projects“, so an unauthorized user can view the “projects“ created by “Admin”; the affected endpoint is “/api/project?user=${userId}”. | 2022-09-28 | 4.3 | CVE-2022-32170 (MISC, MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | 2022-09-23 | 4.3 | CVE-2022-32218 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 in which the "users.list" REST endpoint takes a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any authenticated user. | 2022-09-23 | 4.3 | CVE-2022-32219 (MISC)
rocket.chat -- rocket.chat | An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server and, instead of a matching rid String, a $regex query can be executed, bypassing the room access permission check for every but the first matching room. | 2022-09-23 | 4.3 | CVE-2022-32226 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs. | 2022-09-23 | 4.3 | CVE-2022-32228 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5 because /api/v1/chat.getThreadsList lacks sanitization of user inputs and can therefore leak private thread messages to unauthorized users via MongoDB injection. | 2022-09-23 | 4.3 | CVE-2022-32229 (MISC)
ikus-soft -- rdiffweb | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | 2022-09-29 | 4.3 | CVE-2022-3326 (CONFIRM, MISC)
rocket.chat -- rocket.chat | A NoSQL-injection information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access them. | 2022-09-23 | 4.3 | CVE-2022-35246 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients. | 2022-09-23 | 4.3 | CVE-2022-35247 (MISC)
rocket.chat -- rocket.chat | An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room. | 2022-09-23 | 4.3 | CVE-2022-35249 (MISC)
rocket.chat -- rocket.chat | A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. | 2022-09-23 | 4.3 | CVE-2022-35250 (MISC)
algolplus -- advanced_dynamic_pricing_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. | 2022-09-23 | 4.3 | CVE-2022-38095 (CONFIRM, CONFIRM)
clogica -- seo_redirection | Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. | 2022-09-23 | 4.3 | CVE-2022-38704 (CONFIRM, CONFIRM)
castos -- seriously_simple_podcasting | Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. | 2022-09-23 | 4.3 | CVE-2022-40132 (CONFIRM, CONFIRM)
blazzdev -- rate_my_post_-_wp_rating_system | Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress. | 2022-09-23 | 4.3 | CVE-2022-40671 (CONFIRM, CONFIRM)
zammad -- zammad | Zammad 5.2.1 has a fine-grained permission model that allows configuring read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags, and related answers. This issue has been fixed in 5.2.2. | 2022-09-27 | 4.3 | CVE-2022-40817 (MISC)
linux -- linux_kernel | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | 2022-09-30 | 4.2 | CVE-2022-41848 (MISC, MISC)


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
dell -- smartfabric_os10 | Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information. | 2022-09-28 | 3.7 | CVE-2022-34394 (MISC)
haxx -- curl | When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies containing control codes that, when later sent back to an HTTP server, might make the server return 400 responses, effectively allowing a "sister site" to deny service to all siblings. | 2022-09-23 | 3.7 | CVE-2022-35252 (MISC, CONFIRM)
parseplatform -- parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented. Configurations which allow users to authenticate using the Parse Server authentication adapter where `appIds` is set as a string instead of an array of strings authenticate requests from an app with a different app ID than the one specified in the `appIds` configuration. For this vulnerability to be exploited, an attacker needs to be assigned an app ID by the authentication provider which is a sub-set of the server-side configured app ID. This issue is patched in versions 4.10.16 and 5.2.7. There are no known workarounds. | 2022-09-23 | 3.7 | CVE-2022-39231 (CONFIRM)
bigbluebutton -- bigbluebutton | In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | 2022-09-29 | 3.5 | CVE-2020-27601 (MISC, MISC)
toaruos -- toaruos | readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file. | 2022-09-28 | 3.3 | CVE-2022-38934 (MISC)
trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to, CVE-2022-40708. | 2022-09-28 | 3.3 | CVE-2022-40707 (N/A, N/A)
trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to, CVE-2022-40707. | 2022-09-28 | 3.3 | CVE-2022-40708 (N/A, N/A)
trendmicro -- deep_security | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to, CVE-2022-40707 and CVE-2022-40708. | 2022-09-28 | 3.3 | CVE-2022-40709 (N/A, N/A)
parseplatform -- parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object. Note that assigning a session to another user does not usually change the privileges of either of the two users, and a user cannot assign their own session to another user. This issue is patched in version 4.10.15 and above, and 5.2.6 and above. To mitigate this issue in unpatched versions add a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object. | 2022-09-23 | 3.1 | CVE-2022-39225 (CONFIRM)
blazzdev -- rate_my_post_-_wp_rating_system | Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. | 2022-09-23 | 3.1 | CVE-2022-40310 (CONFIRM, CONFIRM)
gavazziautomation -- cpy_car_park_server | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | 2022-09-28 | 2.7 | CVE-2022-28815 (CONFIRM)
ec-cube -- ec-cube | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | 2022-09-27 | 2.7 | CVE-2022-40199 (MISC, MISC)
ikus-soft -- rdiffweb | Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. | 2022-09-26 | 2.4 | CVE-2022-3301 (CONFIRM, MISC)


Severity Not Yet Assigned

Primary

Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
N/A -- N/A

 
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.2022-09-30not yet calculatedCVE-2021-33354

MISC
N/A -- N/A

 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.2022-09-30not yet calculatedCVE-2021-36830

CONFIRM

CONFIRM
N/A -- N/A

 
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.2022-09-30not yet calculatedCVE-2021-36865

CONFIRM

CONFIRM
N/A -- N/A | AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application does not correctly implement fingerprint validation. | 2022-09-30 | not yet calculated | CVE-2022-1959

MISC

MISC
N/A -- N/A | A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user. | 2022-09-30 | not yet calculated | CVE-2022-20662

CISCO
N/A -- N/A | A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. | 2022-09-30 | not yet calculated | CVE-2022-20728

CISCO
N/A -- N/A | A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled. | 2022-09-30 | not yet calculated | CVE-2022-20769

CISCO
N/A -- N/A | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | not yet calculated | CVE-2022-20775

CISCO
N/A -- N/A | A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device. | 2022-09-30 | not yet calculated | CVE-2022-20810

CISCO
N/A -- N/A | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | not yet calculated | CVE-2022-20818

CISCO
N/A -- N/A | A vulnerability in the authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | 2022-09-30 | not yet calculated | CVE-2022-20844

CISCO
N/A -- N/A | A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20847

CISCO
N/A -- N/A | A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20848

CISCO
N/A -- N/A | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | 2022-09-30 | not yet calculated | CVE-2022-20850

CISCO
N/A -- N/A | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. | 2022-09-30 | not yet calculated | CVE-2022-20851

CISCO
N/A -- N/A | A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller. | 2022-09-30 | not yet calculated | CVE-2022-20855

CISCO
N/A -- N/A | A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20856

CISCO
N/A -- N/A | A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20919

CISCO
N/A -- N/A | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. | 2022-09-30 | not yet calculated | CVE-2022-20930

CISCO
N/A -- N/A | A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. | 2022-09-30 | not yet calculated | CVE-2022-20945

CISCO
N/A -- N/A | The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the re_attr variable of index.js. The vulnerability can be triggered via the parse function. | 2022-09-30 | not yet calculated | CVE-2022-21222

CONFIRM

CONFIRM
N/A -- N/A | Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. That body ends up prefixing the next HTTP request sent down the same connection, so an attacker whose website a victim loads may be able to make the victim's browser issue a POST to the application, enabling XSS. | 2022-09-30 | not yet calculated | CVE-2022-21826

MISC
N/A -- N/A | PingCentral versions prior to the listed versions expose Spring Boot actuator endpoints that, with administrative authentication, return large amounts of sensitive environment and application information. | 2022-09-30 | not yet calculated | CVE-2022-23726

MISC

CONFIRM
N/A -- N/A | The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper use of a regular expression in the parser of Colors.js. | 2022-09-30 | not yet calculated | CVE-2022-24373

CONFIRM

CONFIRM

CONFIRM

CONFIRM
N/A -- N/A | The sflow decode package does not employ sufficient packet sanitisation, which can lead to a denial of service attack. Attackers can craft malformed packets that cause the process to consume large amounts of memory, resulting in a denial of service. | 2022-09-30 | not yet calculated | CVE-2022-2529

MISC
N/A -- N/A | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 2022-09-30 | not yet calculated | CVE-2022-2778

MISC
N/A -- N/A | Certain HP Print Products are potentially vulnerable to Buffer Overflow. | 2022-09-26 | not yet calculated | CVE-2022-28722

MISC
N/A -- N/A | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 2022-09-30 | not yet calculated | CVE-2022-2922

MISC

CONFIRM
N/A -- N/A | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 2022-09-30 | not yet calculated | CVE-2022-3371

CONFIRM

MISC
N/A -- N/A | hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. | 2022-09-29 | not yet calculated | CVE-2022-33880

MISC
N/A -- N/A | Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to a temporary denial of service. | 2022-09-30 | not yet calculated | CVE-2022-34428

MISC
N/A -- N/A | Dell Hybrid Client prior to version 1.8 contains a Zip Slip vulnerability in the UI. A guest-privilege attacker could potentially exploit this vulnerability, leading to modification of system files. | 2022-09-30 | not yet calculated | CVE-2022-34429

MISC
N/A -- N/A | DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | 2022-09-29 | not yet calculated | CVE-2022-35137

MISC

MISC
N/A -- N/A | Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | 2022-09-30 | not yet calculated | CVE-2022-35155

MISC

MISC

MISC
N/A -- N/A | Bus Pass Management System 1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /buspassms/download-pass.php. | 2022-09-30 | not yet calculated | CVE-2022-35156

MISC

MISC

MISC
N/A -- N/A | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2022-09-29 | not yet calculated | CVE-2022-36066

MISC

CONFIRM

MISC
N/A -- N/A | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2022-09-29 | not yet calculated | CVE-2022-36068

MISC

MISC

CONFIRM
N/A -- N/A | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information. | 2022-09-30 | not yet calculated | CVE-2022-37461

MISC

MISC

CONFIRM
N/A -- N/A | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2022-09-29 | not yet calculated | CVE-2022-39226

CONFIRM

MISC

MISC
N/A -- N/A | Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console. | 2022-09-29 | not yet calculated | CVE-2022-39232

MISC

CONFIRM

MISC
N/A -- N/A | isolated-vm is a library for Node.js which gives the user access to V8's Isolate interface. In versions 4.3.6 and prior, if untrusted V8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the Node.js process. As of time of publication, there are no known fixed versions or workarounds. | 2022-09-29 | not yet calculated | CVE-2022-39266

CONFIRM
N/A -- N/A | Cross-site request forgery (CSRF) in Orchest. Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. Patch: Upgrade to v2022.09.10 to patch this vulnerability. Workarounds: Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d. References: https://en.wikipedia.org/wiki/Cross-site_request_forgery and https://cwe.mitre.org/data/definitions/352.html. For more information, open an issue in https://github.com/orchest/orchest or email rick@orchest.io. | 2022-09-30 | not yet calculated | CVE-2022-39268

MISC

MISC

MISC

CONFIRM
N/A -- N/A | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled. | 2022-09-30 | not yet calculated | CVE-2022-40274

MISC

MISC
N/A -- N/A | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file via Joplin. This is possible because the application does not properly validate the scheme/protocol of links in the markdown file before passing them to the 'shell.openExternal' function. | 2022-09-30 | not yet calculated | CVE-2022-40277

MISC

MISC
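The Gridea entry (CVE-2022-40274, `nodeIntegration` enabled) and the Joplin entry just above (CVE-2022-40277, link scheme not validated before `shell.openExternal`) are the two standard Electron hardening misses for an app that renders someone else's markdown. The added example below shows both guards as an app would wire them; it is not Gridea's or Joplin's code. `electron.shell` is passed in as a parameter so the functions run without Electron installed, and the `electron` API names used (`BrowserWindow` `webPreferences`, `webContents.setWindowOpenHandler`, the `will-navigate` event) are the documented ones. The link targets in `SAMPLE_LINKS` are constructed.

```javascript
// Added example (not Gridea's or Joplin's code): the two Electron guards the
// advisories above point at. `shell` is injected so the logic runs without
// Electron; a real app passes require('electron').shell.

// Schemes a markdown link may hand to the operating system. Anything else
// (file:, javascript:, smb:, custom app handlers, ...) is refused.
const ALLOWED_EXTERNAL_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// True only for a syntactically valid URL whose scheme is allowlisted. Parsing
// with the URL class rather than a prefix match means leading whitespace,
// mixed-case "JAVASCRIPT:" and relative paths are all handled by the parser.
function isSafeExternalUrl(href) {
  let url;
  try {
    url = new URL(String(href));
  } catch (_err) {
    return false; // relative or malformed: never hand it to the OS
  }
  return ALLOWED_EXTERNAL_SCHEMES.has(url.protocol);
}

// Gatekeeper in front of shell.openExternal. Resolves to true if opened.
async function openExternalSafely(shell, href) {
  if (!isSafeExternalUrl(href)) {
    return false;
  }
  await shell.openExternal(href);
  return true;
}

// BrowserWindow options for a window that renders untrusted content. Node
// APIs are withheld from the renderer, the preload runs in an isolated world,
// and the renderer is sandboxed; what the page needs is exposed deliberately
// through a contextBridge preload (the preload file itself is not shown).
function hardenedWindowOptions(preloadPath) {
  return {
    webPreferences: {
      nodeIntegration: false,
      contextIsolation: true,
      sandbox: true,
      preload: preloadPath,
    },
  };
}

// Wires both guards to a BrowserWindow. Called with the real `electron` module
// in an app; kept separate so the logic above is testable on its own.
function attachGuards(win, shell) {
  // Links opened with target=_blank or window.open arrive here.
  win.webContents.setWindowOpenHandler(({ url }) => {
    openExternalSafely(shell, url);
    return { action: 'deny' }; // never spawn a renderer for an untrusted URL
  });
  // In-page navigation away from the app's own document is blocked as well.
  win.webContents.on('will-navigate', (event, url) => {
    event.preventDefault();
    openExternalSafely(shell, url);
  });
}

// Constructed stand-in for electron.shell that records what it was handed.
function recordingShell() {
  const opened = [];
  return { opened, openExternal: async (href) => { opened.push(href); } };
}

// Constructed link targets as they might appear in a malicious markdown file.
const SAMPLE_LINKS = [
  'https://example.com/docs',
  'mailto:security@example.com',
  'file:///etc/passwd',
  'javascript:require("child_process").exec("id")',
  'smb://attacker.example/share/payload',
  '  JAVASCRIPT:alert(1)',
  'not a url',
];

// Feeds every sample link through the gatekeeper; returns those that reached
// the shell (only the first two).
async function openSampleLinks() {
  const shell = recordingShell();
  for (const href of SAMPLE_LINKS) {
    await openExternalSafely(shell, href);
  }
  return shell.opened;
}
```

The allowlist is deliberately short: `shell.openExternal` hands the string to the platform's URL handler, so any scheme with a registered handler (including ones installed by other software) is a potential command sink, and an allowlist of scheme names is far easier to reason about than a denylist of bad ones.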
N/A -- N/A | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 2022-09-30 | not yet calculated | CVE-2022-40313

MISC

MISC
N/A -- N/A | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | 2022-09-30 | not yet calculated | CVE-2022-40314

MISC

MISC
N/A -- N/A | A limited SQL injection risk was identified in the "browse list of users" site administration page. | 2022-09-30 | not yet calculated | CVE-2022-40315

MISC

MISC
N/A -- N/A | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 2022-09-30 | not yet calculated | CVE-2022-40316

MISC

MISC
N/A -- N/A | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | 2022-09-30 | not yet calculated | CVE-2022-40341

MISC

MISC
N/A -- N/A | A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc. Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file. | 2022-09-29 | not yet calculated | CVE-2022-40363

MISC

MISC
N/A -- N/A | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | 2022-09-30 | not yet calculated | CVE-2022-40756

MISC

MISC
N/A -- N/A | kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg'. | 2022-09-29 | not yet calculated | CVE-2022-40879

MISC
N/A -- N/A | SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. | 2022-09-29 | not yet calculated | CVE-2022-40887

MISC
N/A -- N/A | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted MachO file. | 2022-09-30 | not yet calculated | CVE-2022-40923

MISC
N/A -- N/A | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via the bwdate-report-ds.php file. | 2022-09-30 | not yet calculated | CVE-2022-40943

MISC

MISC
N/A -- N/A | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via the sales-report-ds.php file. | 2022-09-30 | not yet calculated | CVE-2022-40944

MISC

MISC

MISC
N/A -- N/A | Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. | 2022-09-30 | not yet calculated | CVE-2022-41437

MISC
N/A -- N/A | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. | 2022-09-30 | not yet calculated | CVE-2022-41439

MISC
N/A -- N/A | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | 2022-09-30 | not yet calculated | CVE-2022-41440

MISC
N/A -- N/A | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | 2022-09-30 | not yet calculated | CVE-2022-41849

MISC
N/A -- N/A | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying of report->value is in progress. | 2022-09-30 | not yet calculated | CVE-2022-41850

MISC
N/A -- N/A | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | 2022-09-30 | not yet calculated | CVE-2022-41870

MISC
N/A -- N/A | RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | 2022-09-30 | not yet calculated | CVE-2022-41975

MISC
N/A -- N/A | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | 2022-10-01 | not yet calculated | CVE-2022-42002

MISC

MISC
