Vulnerability Summary for the Week of November 28, 2022

Released
Dec 05, 2022
Document ID
SB22-339

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
acer -- aspire_a315-22g_firmwareVulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.2022-11-288.2CVE-2022-4020
MISC
adrotate_banner_manager_project -- adrotate_banner_managerCross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.2022-11-308.8CVE-2022-26366
MISC
aerocms_project -- aerocmsAeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.2022-11-297.5CVE-2022-45329
MISC
apache -- fineractApache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.2022-11-298.8CVE-2022-44635
MISC
MLIST
automotive_shop_management_system_project -- automotive_shop_management_systemAutomotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.2022-11-257.2CVE-2022-44858
MISC
automotive_shop_management_system_project -- automotive_shop_management_systemAutomotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.2022-11-257.2CVE-2022-44859
MISC
automotive_shop_management_system_project -- automotive_shop_management_systemAutomotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.2022-11-257.2CVE-2022-44860
MISC
avs4you -- avs_audio_converterAVS Audio Converter 10.3 is vulnerable to Buffer Overflow.2022-11-289.8CVE-2022-44283
MISC
belden -- hirschmann_bat-c2_firmwareThe web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.2022-11-258.8CVE-2022-40282
MISC
FULLDISC
MISC
book_store_management_system_project -- book_store_management_systemA vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.2022-11-309.8CVE-2022-4229
MISC
MISC
book_store_management_system_project -- book_store_management_systemBook Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.2022-11-309.8CVE-2022-44097
MISC
book_store_management_system_project -- book_store_management_systemA vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.2022-11-307.5CVE-2022-4228
MISC
MISC
botan_project -- botanIn Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).2022-11-279.1CVE-2022-43705
MISC
CONFIRM
canteen_management_system_project -- canteen_management_systemA vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523.2022-11-309.8CVE-2022-4222
MISC
MISC
church_management_system_project -- church_management_systemChurch Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.2022-11-307.2CVE-2022-45328
MISC
contec -- solarview_compact_firmwareSolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.2022-11-299.8CVE-2022-44354
MISC
decode-uri-component_project -- decode-uri-componentdecode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.2022-11-287.5CVE-2022-38900
MISC
MISC
discourse -- discourse_bbcodediscourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode.2022-11-309.8CVE-2022-46162
MISC
CONFIRM
dlink -- dnr-322l_firmwareData Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.2022-11-298.8CVE-2022-40799
MISC
drachtio -- drachtio-serverdrachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request.2022-11-269.1CVE-2022-45909
MISC
dwbooster -- appointment_hour_bookingThe Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.2022-11-297.8CVE-2022-4034
MISC
MISC
epson -- tm-c3500_firmwareThe WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.2022-11-259.1CVE-2022-36133
MISC
MISC
etm-s -- ondiskplayeragentRemote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.2022-11-257.8CVE-2022-41156
MISC
event_registration_system_project -- event_registration_systemA vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.2022-11-309.8CVE-2022-4232
MISC
eyoom -- eyoom_builderRemote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.2022-11-259.8CVE-2022-41158
MISC
f-secure -- elements_endpoint_protectionIn F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.2022-11-257.5CVE-2022-38166
MISC
festo -- multiple_products
 
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.2022-12-019.8CVE-2022-3270
MISC
ff4j -- ff4jff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).2022-12-019.8CVE-2022-44262
MISC
freeamigos -- manage_notification_e-mailsCross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress.2022-11-288.8CVE-2022-34654
MISC
fusionauth -- fusionauthFusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.2022-11-287.5CVE-2022-45921
MISC
MISC
gnu -- emacsGNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.2022-11-287.8CVE-2022-45939
MISC
gnu -- libredwgLibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.2022-11-307.8CVE-2022-45332
MISC
google -- chromeHeap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)2022-11-259.6CVE-2022-4135
MISC
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-308.8CVE-2022-4174
MISC
MISC
google -- chromeUse after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-308.8CVE-2022-4175
MISC
MISC
google -- chromeOut of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)2022-11-308.8CVE-2022-4176
MISC
MISC
google -- chromeUse after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)2022-11-308.8CVE-2022-4177
MISC
MISC
google -- chromeUse after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-308.8CVE-2022-4178
MISC
MISC
google -- chromeUse after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)2022-11-308.8CVE-2022-4179
MISC
MISC
google -- chromeUse after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)2022-11-308.8CVE-2022-4180
MISC
MISC
google -- chromeUse after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-11-308.8CVE-2022-4181
MISC
MISC
google -- chromeInsufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)2022-11-308.8CVE-2022-4190
MISC
MISC
google -- chromeUse after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)2022-11-308.8CVE-2022-4191
MISC
MISC
google -- chromeUse after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)2022-11-308.8CVE-2022-4192
MISC
MISC
google -- chromeInsufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)2022-11-308.8CVE-2022-4193
MISC
MISC
google -- chromeUse after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2022-11-308.8CVE-2022-4194
MISC
MISC
gpac -- gpacA vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.2022-11-298.8CVE-2022-4202
N/A
N/A
gpac -- gpacGPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.2022-11-297.8CVE-2022-45202
MISC
gpac -- gpacGPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.2022-11-297.8CVE-2022-45343
MISC
ibericode -- html_formsThe HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users2022-11-287.2CVE-2022-3689
MISC
jeecg -- jeecg_bootJeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.2022-11-259.8CVE-2022-45206
MISC
MISC
jeecg -- jeecg_bootJeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.2022-11-259.8CVE-2022-45207
MISC
MISC
kakaocorp -- potplayerA vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214623.2022-12-017.5CVE-2022-4246
N/A
N/A
N/A
kubeview_project -- kubeviewKubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."2022-11-279.8CVE-2022-45933
MISC
linecorp -- lineLINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.2022-11-297.5CVE-2022-41568
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.2022-11-277.8CVE-2022-45934
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.2022-11-257CVE-2022-45884
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.2022-11-257CVE-2022-45885
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.2022-11-257CVE-2022-45886
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.2022-11-277CVE-2022-45919
MISC
linuxfoundation -- opendaylightA SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.2022-11-277.5CVE-2022-45930
MISC
MISC
linuxfoundation -- opendaylightA SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.2022-11-277.5CVE-2022-45931
MISC
MISC
linuxfoundation -- opendaylightA SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.2022-11-277.5CVE-2022-45932
MISC
MISC
linuxfoundation -- pytorchIn PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.2022-11-269.8CVE-2022-45907
MISC
MISC
mitsubishielectric -- gx_works3Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally.2022-11-259.1CVE-2022-29830
MISC
MISC
mitsubishielectric -- gx_works3Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module.2022-11-257.5CVE-2022-25164
MISC
MISC
mitsubishielectric -- gx_works3Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.2022-11-257.5CVE-2022-29825
MISC
MISC
mitsubishielectric -- gx_works3Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.2022-11-257.5CVE-2022-29826
MISC
MISC
mitsubishielectric -- gx_works3Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.2022-11-257.5CVE-2022-29827
MISC
MISC
mitsubishielectric -- gx_works3Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.2022-11-257.5CVE-2022-29828
MISC
MISC
mitsubishielectric -- gx_works3Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information . As a result, unauthorized users may view or execute programs illegally.2022-11-257.5CVE-2022-29829
MISC
MISC
mitsubishielectric -- gx_works3Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules.2022-11-257.5CVE-2022-29831
MISC
MISC
moodle -- moodleA blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.2022-11-259.1CVE-2022-45152
MISC
MISC
MISC
movie_ticket_booking_system_project -- movie_ticket_booking_systemA vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624.2022-12-019.8CVE-2022-4247
N/A
N/A
movie_ticket_booking_system_project -- movie_ticket_booking_systemA vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability.2022-12-019.8CVE-2022-4248
N/A
N/A
moxa -- uc-2101-lx_firmwareUC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.2022-11-287.8CVE-2022-3088
MISC
msi -- centerAn issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.2022-11-288.8CVE-2022-31877
MISC
MISC
muhammara_project -- muhammaraMuhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sources. If using hummus, replace the package with muhammara.2022-11-287.5CVE-2022-41957
MISC
CONFIRM
MISC
octopus -- octopus_serverIn affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.2022-11-257.5CVE-2022-2721
MISC
online-shopping-system-advanced_project -- online-shopping-system-advancedOnline-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.2022-11-299.8CVE-2022-42109
MISC
MISC
online_tours_\&_travels_management_system_project -- online_tours_\&_travels_management_systemOnline Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.2022-11-289.8CVE-2022-44401
MISC
op-tee -- op-tee_osOP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds.2022-11-298.8CVE-2022-46152
MISC
MISC
MISC
CONFIRM
orchardcore -- orchard_cmsOrchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser.2022-11-259CVE-2022-37720
MISC
MISC
MISC
owncast_project -- owncastSQL Injection in GitHub repository owncast/owncast prior to 0.0.13.2022-11-299.8CVE-2022-3751
CONFIRM
MISC
paddlepaddle -- paddlepaddleIn PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.2022-11-269.8CVE-2022-45908
MISC
MISC
perfsonar -- perfsonarAn issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.2022-11-308.6CVE-2022-41412
MISC
MISC
phpgurukul_blood_donor_management_system_project -- phpgurukul_blood_donor_management_systemPHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.2022-11-258.1CVE-2022-38813
MISC
MISC
MISC
MISC
piwebsolution -- export_customers_list_csv_for_woocommerceThe Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.2022-11-289.8CVE-2022-3603
MISC
poultry_farm_management_system_project -- poultry_farm_management_systemPoultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.2022-11-289.8CVE-2022-44399
MISC
prometheus -- exporter_toolkitPrometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.2022-11-298.8CVE-2022-46146
CONFIRM
MISC
MLIST
MLIST
MLIST
purchase_order_management_system_project -- purchase_order_management_systemPurchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.2022-11-289.8CVE-2022-44400
MISC
pyrocms -- pyrocmsPyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.2022-11-259CVE-2022-37721
MISC
MISC
qs_project -- qsqs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).2022-11-267.5CVE-2022-24999
MISC
CONFIRM
CONFIRM
raidenmaild -- raidenmaildA remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.2022-11-298CVE-2022-41675
MISC
russound -- xsourceplayer_777d_firmwareRussound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.2022-11-299.8CVE-2022-44038
MISC
saml_project -- samlThe crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.2022-11-289.8CVE-2022-41912
MISC
CONFIRM
samtools -- htsjdkThe package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.2022-11-297.8CVE-2022-21126
MISC
MISC
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.2022-11-309.8CVE-2022-44096
MISC
sanitization_management_system_project -- sanitization_management_systemSimple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.2022-11-309.8CVE-2022-44151
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.2022-12-027.2CVE-2022-44277
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.2022-11-307.2CVE-2022-44294
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.2022-11-307.2CVE-2022-44295
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.2022-11-307.2CVE-2022-44296
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.2022-12-027.2CVE-2022-44345
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.2022-12-027.2CVE-2022-44347
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.2022-12-027.2CVE-2022-44348
MISC
sapido -- br270n_firmwareA vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.2022-11-308.8CVE-2021-4242
MISC
MISC
MISC
school_management_system_project -- school_management_systemSQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.2022-11-289.8CVE-2022-36193
MISC
MISC
simple-press -- simple\The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.2022-11-298.1CVE-2022-4030
MISC
MISC
sinatrarb -- sinatraSinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.2022-11-288.8CVE-2022-45442
MISC
MISC
CONFIRM
MISC
snyk -- snyk_securityThe package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as ‘trusted’ in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: - VS Code - Affected: <=1.8.0, Fixed: 1.9.0 - IntelliJ - Affected: <=2.4.47, Fixed: 2.4.48 - Visual Studio - Affected: <=1.1.30, Fixed: 1.1.31 - Eclipse - Affected: <=v20221115.132308, Fixed: All subsequent versions - Language Server - Affected: <=v20221109.114426, Fixed: All subsequent versions2022-11-308.8CVE-2022-24441
MISC
MISC
MISC
MISC
MISC
MISC
MISC
solarwinds -- orion_platformSolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.2022-11-298.8CVE-2022-36960
MISC
MISC
solarwinds -- orion_platformSolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.2022-11-298.8CVE-2022-36964
MISC
MISC
solarwinds -- orion_platformSolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.2022-11-297.2CVE-2022-36962
MISC
MISC
sophos -- xg_firewall_firmwareA stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA.2022-12-018.4CVE-2022-3709
CONFIRM
spatie -- browsershotBrowsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.2022-11-258.2CVE-2022-41706
MISC
MISC
squirrly -- seo_plugin_by_squirrly_seoAuth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.2022-11-288.8CVE-2022-38140
MISC
static-dev-server_project -- static-dev-serverThis affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.2022-11-297.5CVE-2022-25848
MISC
MISC
super_xray_project -- super_xraysuper-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.2022-11-257.8CVE-2022-41958
MISC
CONFIRM
sz-fujia -- ourphotoThe user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users.2022-11-287.5CVE-2022-24187
MISC
MISC
sz-fujia -- ourphotoThe /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality.2022-11-287.5CVE-2022-24188
MISC
sz-fujia -- ourphotoThe /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction.2022-11-287.5CVE-2022-24190
MISC
telos -- alliance_omnia_mpx_node_firmwareAn Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.2022-11-297.5CVE-2022-43326
MISC
tenda -- tx9_pro_firmwareTenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.2022-11-307.5CVE-2022-45337
MISC
themehigh -- checkout_field_editor_for_woocommerceThe Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present2022-11-287.2CVE-2022-3490
MISC
thinkcmf -- thinkcmfThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.2022-12-018.8CVE-2022-40489
MISC
tiny_file_manager_project -- tiny_file_managerTiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.2022-11-258.8CVE-2022-23044
MISC
MISC
tiny_file_manager_project -- tiny_file_managerTiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.2022-11-258.8CVE-2022-45475
MISC
MISC
tiny_file_manager_project -- tiny_file_managerTiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.2022-11-258.8CVE-2022-45476
MISC
MISC
totolink -- a7100ru_firmwareTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.2022-11-259.8CVE-2022-44843
MISC
totolink -- a7100ru_firmwareTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.2022-11-259.8CVE-2022-44844
MISC
tribalsystems -- zenarioZenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).2022-11-309.8CVE-2022-44136
MISC
uatech -- badasoBadaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.2022-11-259.8CVE-2022-41705
MISC
MISC
ujsoftware -- owm_weatherThe OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor2022-11-288.8CVE-2022-3769
MISC
MISC
ultimatemember -- ultimate_memberThe Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.2022-11-297.2CVE-2022-3383
MISC
MISC
MISC
MISC
ultimatemember -- ultimate_memberThe Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.2022-11-297.2CVE-2022-3384
MISC
MISC
MISC
MISC
velneo -- vclientVelneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.2022-11-287.4CVE-2021-45036
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
vim -- vimHeap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.2022-11-257.8CVE-2022-4141
CONFIRM
MISC
wavlink -- wl-wn531g3_firmwareWAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.2022-11-297.5CVE-2022-44356
MISC
wbce -- wbce_cmsAn arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.2022-11-257.2CVE-2022-45039
MISC
web_based_quiz_system_project -- web_based_quiz_systemWeb Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.2022-11-257.5CVE-2022-44411
MISC
webcash -- serp_server_2.0A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.2022-11-259.8CVE-2022-41157
MISC
windriver -- vxworksAn issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.2022-11-257.5CVE-2022-38767
MISC
MISC
wp_user_merger_project -- wp_user_mergerThe WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin2022-11-288.8CVE-2022-3848
MISC
MISC
wp_user_merger_project -- wp_user_mergerThe WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin2022-11-288.8CVE-2022-3849
MISC
MISC
wp_user_merger_project -- wp_user_mergerThe WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin2022-11-288.8CVE-2022-3865
MISC
MISC
wpsmartcontracts -- wpsmartcontractsThe WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author2022-11-288.8CVE-2022-3768
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
airtable -- airtableAirtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during Browserify builds due to being referenced in Airtable.js code. This only affects copies of Airtable.js built from its source, not those installed via npm or yarn. Airtable API keys set in users’ environments via the AIRTABLE_API_KEY environment variable may be bundled into local copies of Airtable.js source code if all of the following conditions are met: 1) the user has cloned the Airtable.js source onto their machine, 2) the user runs the `npm prepare` script, and 3) the user' has the AIRTABLE_API_KEY environment variable set. If these conditions are met, a user’s local build of Airtable.js would be modified to include the value of the AIRTABLE_API_KEY environment variable, which could then be accidentally shipped in the bundled code. Users who do not meet all three of these conditions are not impacted by this issue. Users should upgrade to Airtable.js version 0.11.6 or higher; or, as a workaround unset the AIRTABLE_API_KEY environment variable in their shell and/or remove it from your .bashrc, .zshrc, or other shell configuration files. Users should also regenerate any Airtable API keys they use, as the keysy may be present in bundled code.2022-11-296.4CVE-2022-46155
CONFIRM
MISC
MISC
amasty -- amasty_blog_proThe blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.2022-11-296.1CVE-2022-36433
MISC
MISC
analytics_for_wp_project -- analytics_for_wpThe Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3839
MISC
apereo -- opencastOpencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.2022-11-286.1CVE-2022-41965
CONFIRM
MISC
axiell -- iguanaA reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability.2022-12-016.1CVE-2022-45050
MISC
basercms -- basercmsBaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.2022-11-256.1CVE-2022-39325
CONFIRM
MISC
MISC
beautiful-cookie-banner -- beautiful_cookie_consent_bannerThe Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3823
MISC
book_store_management_system_project -- book_store_management_systemBook Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.2022-11-256.1CVE-2022-45225
MISC
bosscms -- bosscmsBosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.2022-11-286.5CVE-2022-44937
MISC
callback -- cbfs_filterA null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.2022-11-285.5CVE-2022-43588
MISC
callback -- cbfs_filterA null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.2022-11-285.5CVE-2022-43589
MISC
callback -- cbfs_filterA null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.2022-11-285.5CVE-2022-43590
MISC
canteen_management_system_project -- canteen_management_systemA vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359.2022-11-256.1CVE-2022-4091
MISC
MISC
canteen_management_system_project -- canteen_management_systemA vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595.2022-11-306.1CVE-2022-4234
MISC
MISC
canteen_management_system_project -- canteen_management_systemA vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability.2022-12-016.1CVE-2022-4252
N/A
N/A
canteen_management_system_project -- canteen_management_systemA vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability.2022-12-015.4CVE-2022-4253
N/A
N/A
chocolatey -- chocolatey_azure-pipelines-agentInsecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.2022-11-294.3CVE-2022-45306
MISC
chocolatey -- chocolatey_cmderInsecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.2022-11-294.3CVE-2022-45304
MISC
chocolatey -- chocolatey_phpInsecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.2022-11-294.3CVE-2022-45307
MISC
chocolatey -- chocolatey_python3Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.2022-11-294.3CVE-2022-45305
MISC
chocolatey -- chocolatey_rubyInsecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.2022-11-294.3CVE-2022-45301
MISC
churchcrm -- churchcrmChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.2022-11-294.8CVE-2022-36136
MISC
MISC
churchcrm -- churchcrmChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.2022-11-294.8CVE-2022-36137
MISC
MISC
contect -- solarview_compact_firmwareSolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.2022-11-296.1CVE-2022-44355
MISC
dinstar -- dag2000-16o_firmwareDinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).2022-11-285.4CVE-2022-44284
MISC
discourse -- discourseDiscourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.2022-11-295.4CVE-2022-46148
CONFIRM
discourse -- discourseDiscourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.2022-11-284.3CVE-2022-41921
CONFIRM
MISC
discourse -- discourseDiscourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.2022-11-284.3CVE-2022-41944
MISC
CONFIRM
discourse -- discourseDiscourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.2022-11-294.3CVE-2022-46150
CONFIRM
MISC
dwbooster -- appointment_hour_bookingThe Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.2022-11-296.1CVE-2022-4035
MISC
MISC
dwbooster -- appointment_hour_bookingThe Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.2022-11-295.3CVE-2022-4036
MISC
MISC
electronic_shelf_label_protocol_project -- electronic_shelf_label_protocolThe ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.2022-11-275.3CVE-2022-45914
MISC
event_registration_system_project -- event_registration_systemA vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591.2022-11-306.1CVE-2022-4233
MISC
expresstech -- quiz_and_survey_masterThe Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.2022-11-296.1CVE-2022-4032
MISC
MISC
expresstech -- quiz_and_survey_masterThe Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.2022-11-295.3CVE-2022-4033
MISC
MISC
find_and_replace_all_project -- find_and_replace_allThe Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.2022-11-286.1CVE-2022-2311
MISC
find_and_replace_all_project -- find_and_replace_allThe Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack2022-11-284.3CVE-2022-3850
MISC
frappe -- frappeFrappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.2022-11-256.5CVE-2022-41712
MISC
MISC
garage_management_system_project -- garage_management_systemGarage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.2022-11-296.1CVE-2022-44279
MISC
getawesomesupport -- awesome_supportThe Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector2022-11-286.5CVE-2022-3511
MISC
google -- chromeInsufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)2022-11-306.5CVE-2022-4187
MISC
MISC
google -- chromeInappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4182
MISC
MISC
google -- chromeInsufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4183
MISC
MISC
google -- chromeInsufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4184
MISC
MISC
google -- chromeInappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4185
MISC
MISC
google -- chromeInsufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4186
MISC
MISC
google -- chromeInsufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4188
MISC
MISC
google -- chromeInsufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4189
MISC
MISC
google -- chromeInsufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)2022-11-304.3CVE-2022-4195
MISC
MISC
google_forms_project -- google_formsThe Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3834
MISC
gpac -- gpacGPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.2022-11-295.5CVE-2022-45204
MISC
human_resource_management_system_project -- human_resource_management_systemHuman Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.2022-11-256.1CVE-2022-45218
MISC
MISC
ibm -- maximo_application_suiteIBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.2022-11-285.5CVE-2022-41732
MISC
MISC
image_hover_effects_css3_project -- image_hover_effects_css3The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3601
MISC
jeecg -- jeecg_bootJeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.2022-11-255.3CVE-2022-45205
MISC
MISC
jeecg -- jeecg_bootJeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.2022-11-254.3CVE-2022-45208
MISC
MISC
jeecg -- jeecg_bootJeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.2022-11-254.3CVE-2022-45210
MISC
MISC
jeeng_push_notifications_project -- jeeng_push_notificationsThe Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-11-284.8CVE-2022-3610
MISC
klik_project -- klikKLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.2022-11-295.4CVE-2022-42099
MISC
MISC
klik_project -- klikKLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.2022-11-295.4CVE-2022-42100
MISC
MISC
lepton_project -- leptonA loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.2022-11-285.5CVE-2022-4104
MISC
linux -- layer_2_tunneling_protocolA flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.2022-11-285.5CVE-2022-4129
MISC
MISC
FEDORA
FEDORA
FEDORA
linux -- linux_kernelAn issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.2022-11-256.4CVE-2022-45888
MISC
linux -- linux_kernelA NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.2022-11-285.5CVE-2022-4127
MISC
MISC
linux -- linux_kernelA race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.2022-11-304.7CVE-2022-45869
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.2022-11-254.7CVE-2022-45887
MISC
MISC
linux -- mptcp_protocolA NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.2022-11-285.5CVE-2022-4128
MISC
MISC
m-files -- m-files_serverError in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.2022-11-305.3CVE-2022-1911
MISC
m-files -- m-files_serverIncorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.2022-11-304.3CVE-2022-1606
MISC
metagauss -- download_pluginThe Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.2022-11-284.3CVE-2021-25059
MISC
microfocus -- netiq_advanced_authenticationThis update resolves a multi-factor authentication bypass attack2022-11-286.3CVE-2022-38753
MISC
microweber -- microweberMicroweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.2022-11-256.1CVE-2022-0698
MISC
MISC
mitsubishielectric -- gx_works3Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules.2022-11-256.5CVE-2022-29832
MISC
MISC
mitsubishielectric -- gx_works3Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access to MELSEC safety CPU modules illgally.2022-11-256.5CVE-2022-29833
MISC
MISC
movie_ticket_booking_system_project -- movie_ticket_booking_systemA vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214626 is the identifier assigned to this vulnerability.2022-12-016.1CVE-2022-4249
N/A
N/A
movie_ticket_booking_system_project -- movie_ticket_booking_systemA vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627.2022-12-016.1CVE-2022-4250
N/A
N/A
muffingroup -- becustomThe Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-11-296.5CVE-2022-3747
MISC
MISC
MISC
nextcloud -- desktopNexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.2022-11-256.1CVE-2022-39333
MISC
CONFIRM
MISC
nextcloud -- desktopNexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.2022-11-255.4CVE-2022-39331
MISC
MISC
CONFIRM
nextcloud -- desktopNexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.2022-11-255.4CVE-2022-39332
MISC
MISC
CONFIRM
nextcloud -- desktopNextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability.2022-11-254.7CVE-2022-39334
MISC
CONFIRM
MISC
MISC
nextcloud -- nextcloud_enterprise_serverNextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.2022-11-256.5CVE-2022-39346
CONFIRM
MISC
MISC
nextcloud -- openid_connect_user_backenduser_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser.2022-11-255.4CVE-2022-39338
CONFIRM
MISC
MISC
nextcloud -- openid_connect_user_backenduser_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings).2022-11-254.3CVE-2022-39339
MISC
MISC
CONFIRM
nextcloud -- talkNextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.2022-11-255.5CVE-2022-41926
MISC
CONFIRM
MISC
openedx -- xblock-drag-and-drop-v2Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds.2022-11-286.1CVE-2022-46147
CONFIRM
MISC
MISC
MISC
perfsonar -- perfsonarperfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.2022-11-304.3CVE-2022-41413
MISC
MISC
photospace_gallery_project -- photospace_galleryThe Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2022-11-295.4CVE-2022-3991
MISC
MISC
qemu -- qemuAn out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.2022-11-296.5CVE-2022-4144
MISC
MISC
qemu -- qemuAn integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.2022-11-296.5CVE-2022-4172
MISC
MISC
MISC
raidenmaild -- raidenmaildRaiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.2022-11-295.4CVE-2022-41676
MISC
realtek -- rtl8111fp-cg_firmwareRTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.2022-11-296.5CVE-2022-32966
MISC
recaptcha_project -- recaptchaThe reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3831
MISC
salat_times_project -- salat_timesThe Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-11-284.8CVE-2022-2983
MISC
sanitization_management_system_project -- sanitization_management_systemA cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.2022-11-286.1CVE-2022-45214
MISC
seppmail -- seppmailSEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).2022-11-306.1CVE-2021-31740
MISC
showing_url_in_qr_code_project -- showing_url_in_qr_codeThe Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack2022-11-286.1CVE-2022-3847
MISC
MISC
simple-press -- simple\The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page.2022-11-295.4CVE-2022-4027
MISC
MISC
simple-press -- simple\The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a profile signature that will execute whenever a user accesses an injected page.2022-11-295.4CVE-2022-4028
MISC
MISC
simple-press -- simple\The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.2022-11-294.9CVE-2022-4031
MISC
MISC
simple-press -- simple\The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This would be highly complex to exploit as it would require the attacker to set the cookie a cookie for the targeted user.2022-11-294.7CVE-2022-4029
MISC
MISC
snyk -- snyk_cliThe package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.2022-11-306.3CVE-2022-22984
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
sophos -- xg_firewall_firmwareA post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA.2022-12-014.3CVE-2022-3711
CONFIRM
spatie -- browsershotBrowsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.2022-11-256.1CVE-2022-43983
MISC
MISC
spatie -- browsershotBrowsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.2022-11-256.1CVE-2022-43984
MISC
MISC
standalonetech -- terawalletThe TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.2022-11-294.3CVE-2022-3995
MISC
MISC
sz-fujia -- ourphotoThe user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users.2022-11-286.5CVE-2022-24189
MISC
thematosoup -- fancier_author_boxThe Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3833
MISC
theme_and_plugin_translation_for_polylang_project -- theme_and_plugin_translation_for_polylangThe Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.2022-11-285.3CVE-2022-4169
MISC
MISC
thinkcmf -- thinkcmfThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID).2022-12-015.4CVE-2022-40849
MISC
tipsandtricks-hq -- donations_via_paypalThe Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3822
MISC
trellix -- agentAn uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.2022-11-306.7CVE-2022-3859
MISC
ultimatemember -- ultimate_memberThe Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.2022-11-294.3CVE-2022-3361
MISC
MISC
MISC
MISC
video_thumbnails_project -- video_thumbnailsThe Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3828
MISC
vmware -- toolsVMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.2022-11-296.5CVE-2021-31693
MISC
wbce -- wbce_cmsA cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.2022-11-255.4CVE-2022-45036
MISC
wbce -- wbce_cmsA cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.2022-11-255.4CVE-2022-45037
MISC
wbce -- wbce_cmsA cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.2022-11-255.4CVE-2022-45038
MISC
wbce -- wbce_cmsA cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.2022-11-255.4CVE-2022-45040
MISC
web-based_student_clearance_system_project -- web-based_student_clearance_systemWeb-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.2022-11-284.8CVE-2022-45221
MISC
web-based_student_clearance_system_project -- web-based_student_clearance_systemWeb-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.2022-11-284.8CVE-2022-45223
MISC
web-based_student_clearance_system_project -- web-based_student_clearance_systemWeb-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.2022-11-284.8CVE-2022-45224
MISC
wp_admin_ui_customize_project -- wp_admin_ui_customizeThe WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-11-284.8CVE-2022-3824
MISC
wp_affiliate_platform_project -- wp_affiliate_platformThe WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-11-296.5CVE-2022-3898
MISC
MISC
wp_affiliate_platform_project -- wp_affiliate_platformThe WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers.2022-11-296.1CVE-2022-3896
MISC
MISC
wp_affiliate_platform_project -- wp_affiliate_platformThe WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2022-11-294.8CVE-2022-3897
MISC
MISC
zkteco -- biotimeZkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF2022-11-306.8CVE-2022-38803
MISC
MISC
zkteco -- biotimeZkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF2022-11-306.2CVE-2022-38802
MISC
MISC
zkteco -- biotimeIn Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.2022-11-305.4CVE-2022-38801
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
fortinet -- fortimanagerAn improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.2022-11-252.7CVE-2022-38377
MISC
mpxj -- mpxjMPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.2022-11-253.3CVE-2022-41954
CONFIRM
MISC
realtek -- rtl8111ep-cg_firmwareRTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.2022-11-292.1CVE-2022-32967
MISC
sophos -- xg_firewall_firmwareA post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA.2022-12-012.7CVE-2022-3710
CONFIRM
wpulike -- wp_ulikeUnauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.2022-11-303.7CVE-2022-45842
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
Xiongmai -- multiple_productsMultiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.2022-12-01not yet calculatedCVE-2022-45045
MISC
apache -- commons_net
 
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.2022-12-03not yet calculatedCVE-2021-37533
CONFIRM
MLIST
apsystems -- energy_communication_unit_power_control_softwareAn access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.2022-11-29not yet calculatedCVE-2022-44037
MISC
asus -- nas-m25Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.2022-12-01not yet calculatedCVE-2022-4221
MISC
authentik -- authentikauthentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`.2022-12-02not yet calculatedCVE-2022-46145
MISC
MISC
MISC
book_store_management_system -- book_store_management_systemA cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.2022-12-02not yet calculatedCVE-2022-45215
MISC
MISC
broadcom -- symantec_endpoint_protectionSymantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.2022-12-01not yet calculatedCVE-2022-37016
MISC
broadcom -- symantec_endpoint_protectionSymantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.2022-12-01not yet calculatedCVE-2022-37017
MISC
c-data -- web_management_systemA vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.2022-12-01not yet calculatedCVE-2022-4257
MISC
MISC
capnproto -- capnprotoCap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.2022-11-30not yet calculatedCVE-2022-46149
MISC
CONFIRM
FEDORA
FEDORA
clastix -- capsuleCapsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available.2022-12-02not yet calculatedCVE-2022-46167
MISC
MISC
MISC
MISC
d-link -- dhp-w310avD-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.2022-12-02not yet calculatedCVE-2022-44930
MISC
d-link -- dvg-g5402spD-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.2022-12-02not yet calculatedCVE-2022-44928
MISC
d-link -- dvg-g5402spAn access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.2022-12-02not yet calculatedCVE-2022-44929
MISC
dcmtk -- dcmtkDCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.2022-12-02not yet calculatedCVE-2022-43272
MISC
MISC
delta_industrial_automation -- dialink
 
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.2022-12-01not yet calculatedCVE-2022-2969
MISC
digital_alert_systems -- dasdecA cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login.2022-12-01not yet calculatedCVE-2022-40204
MISC
digital_alert_systems -- dasdec
 
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application.2022-11-30not yet calculatedCVE-2019-18265
MISC
discourse -- discourseDiscourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.2022-12-02not yet calculatedCVE-2022-46159
MISC
MISC
dot_tech -- smart_campus_systemA vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.2022-12-03not yet calculatedCVE-2022-4280
N/A
N/A
feminer -- wmsA vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.2022-12-03not yet calculatedCVE-2022-4272
MISC
MISC
g810-led -- g810-ledg810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.2022-11-30not yet calculatedCVE-2022-46338
MISC
MISC
MLIST
github -- enterprise_server
 
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.2022-12-01not yet calculatedCVE-2022-23737
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gl.inet -- goodcloudIn GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings.2022-12-01not yet calculatedCVE-2022-44211
MISC
gl.inet -- goodcloudIn GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.2022-12-01not yet calculatedCVE-2022-44212
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-12-02not yet calculatedCVE-2022-4262
MISC
MISC
grafana -- synthetic_monitoringThe Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`.2022-11-30not yet calculatedCVE-2022-46156
CONFIRM
MISC
MISC
MISC
MISC
MISC
horner_automation -- remote_compact_controller_972The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).2022-12-02not yet calculatedCVE-2022-2640
MISC
horner_automation -- remote_compact_controller_972Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition.2022-12-02not yet calculatedCVE-2022-2641
MISC
horner_automation -- remote_compact_controller_972Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device.2022-12-02not yet calculatedCVE-2022-2642
MISC
house_rental_system -- house_rental_systemA vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.2022-12-03not yet calculatedCVE-2022-4274
N/A
N/A
house_rental_system -- house_rental_systemA vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.2022-12-03not yet calculatedCVE-2022-4275
N/A
N/A
house_rental_system -- house_rental_systemA vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.2022-12-03not yet calculatedCVE-2022-4276
N/A
N/A
ibm -- db2u
 
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.2022-12-01not yet calculatedCVE-2022-41297
MISC
MISC
ibm -- watson_aiopsIBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.2022-12-01not yet calculatedCVE-2022-43900
MISC
MISC
ibm -- watson_aiopsIBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.2022-12-01not yet calculatedCVE-2022-43901
MISC
MISC
isic.lk -- isik.lk
 
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.2022-12-01not yet calculatedCVE-2022-28607
MISC
isic.lk -- isik.lk
 
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.2022-12-01not yet calculatedCVE-2022-30528
MISC
MISC
ixp -- easyinstall
 
IXPdata EasyInstall 6.6.14725 contains an access control issue.2022-12-01not yet calculatedCVE-2022-35120
MISC
m-files -- m-files_webIncorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.2022-12-02not yet calculatedCVE-2022-4270
MISC
mitsubishi_electric_corporation -- melsec_iq-r_series_rj71en71Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.2022-11-30not yet calculatedCVE-2022-40265
MISC
MISC
movie_ticket_booking_system -- movie_ticket_booking_systemA vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628.2022-12-01not yet calculatedCVE-2022-4251
N/A
N/A
moxa -- multiple_products
 
An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.2022-12-02not yet calculatedCVE-2022-3086
MISC
nextcloud -- serverNextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.2022-12-01not yet calculatedCVE-2022-41968
MISC
MISC
MISC
nextcloud -- serverNextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.2022-12-01not yet calculatedCVE-2022-41969
MISC
MISC
MISC
nextcloud -- serverNextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.2022-12-01not yet calculatedCVE-2022-41970
MISC
MISC
MISC
nextcloud -- talk_androidNextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.2022-12-01not yet calculatedCVE-2022-41971
MISC
MISC
MISC
ni -- labview_command_line_interfaceIncorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.2022-12-01not yet calculatedCVE-2022-42718
MISC
osticket -- osticketCross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.2022-12-02not yet calculatedCVE-2022-4271
CONFIRM
MISC
rocket_software -- trufusion_enterpriseAn arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1.2022-12-01not yet calculatedCVE-2022-36431
MISC
CONFIRM
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.2022-12-02not yet calculatedCVE-2022-44944
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.2022-12-02not yet calculatedCVE-2022-44945
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.2022-12-02not yet calculatedCVE-2022-44946
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".2022-12-02not yet calculatedCVE-2022-44947
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".2022-12-02not yet calculatedCVE-2022-44948
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.2022-12-02not yet calculatedCVE-2022-44949
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-02not yet calculatedCVE-2022-44950
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-02not yet calculatedCVE-2022-44951
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".2022-12-02not yet calculatedCVE-2022-44952
MISC
MISC
shaoxing -- background_management_systemA vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.2022-12-03not yet calculatedCVE-2022-4277
N/A
N/A
snakeyaml -- snakeyaml
 
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization.2022-12-01not yet calculatedCVE-2022-1471
MISC
sophos -- firewallAn OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA.2022-12-01not yet calculatedCVE-2022-3226
CONFIRM
sophos -- firewallA post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall older than version 19.5 GA.2022-12-01not yet calculatedCVE-2022-3696
CONFIRM
sophos -- firewallA code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall older than version 19.5 GA.2022-12-01not yet calculatedCVE-2022-3713
CONFIRM
sourcecodester -- human_resource_management_systemA vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.2022-12-03not yet calculatedCVE-2022-4273
MISC
MISC
sourcecodester -- human_resource_management_systemA vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.2022-12-03not yet calculatedCVE-2022-4278
N/A
N/A
sourcecodester -- human_resource_management_systemA vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.2022-12-03not yet calculatedCVE-2022-4279
N/A
N/A
ssl_network_extender -- ssl_network_extenderThe IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.2022-11-30not yet calculatedCVE-2022-23746
MISC
swiftterm -- swiftterm
 
SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.2022-12-02not yet calculatedCVE-2022-23465
MISC
MISC
telenia_software -- tvoxTelenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.2022-12-01not yet calculatedCVE-2022-43333
MISC
telepad -- pc_keyboard_wifi/bluetoothPC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N2022-12-02not yet calculatedCVE-2022-45480
MISC
telos_alliance -- omnia_mpx_nodeAn unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.2022-12-02not yet calculatedCVE-2022-43325
MISC
telos_alliance -- omnia_mpx_nodeInsecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.2022-12-02not yet calculatedCVE-2022-45562
MISC
tenda -- ac6Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).2022-12-01not yet calculatedCVE-2022-45640
MISC
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.2022-12-02not yet calculatedCVE-2022-45641
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.2022-12-02not yet calculatedCVE-2022-45643
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.2022-12-02not yet calculatedCVE-2022-45644
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.2022-12-02not yet calculatedCVE-2022-45645
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.2022-12-02not yet calculatedCVE-2022-45646
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.2022-12-02not yet calculatedCVE-2022-45647
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.2022-12-02not yet calculatedCVE-2022-45648
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.2022-12-02not yet calculatedCVE-2022-45649
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.2022-12-02not yet calculatedCVE-2022-45650
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function.2022-12-02not yet calculatedCVE-2022-45651
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.2022-12-02not yet calculatedCVE-2022-45652
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function.2022-12-02not yet calculatedCVE-2022-45653
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function.2022-12-02not yet calculatedCVE-2022-45654
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function.2022-12-02not yet calculatedCVE-2022-45655
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.2022-12-02not yet calculatedCVE-2022-45656
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.2022-12-02not yet calculatedCVE-2022-45657
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.2022-12-02not yet calculatedCVE-2022-45658
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.2022-12-02not yet calculatedCVE-2022-45659
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function.2022-12-02not yet calculatedCVE-2022-45660
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function.2022-12-02not yet calculatedCVE-2022-45661
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.2022-12-02not yet calculatedCVE-2022-45673
MISC
tenda -- ac6Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.2022-12-02not yet calculatedCVE-2022-45674
MISC
tenda -- i21Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.2022-12-02not yet calculatedCVE-2022-44362
MISC
tenda -- i21Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.2022-12-02not yet calculatedCVE-2022-44363
MISC
tenda -- i21Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.2022-12-02not yet calculatedCVE-2022-44365
MISC
tenda -- i21Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.2022-12-02not yet calculatedCVE-2022-44366
MISC
tenda -- i21Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.2022-12-02not yet calculatedCVE-2022-44367
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.2022-12-02not yet calculatedCVE-2022-45663
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.2022-12-02not yet calculatedCVE-2022-45664
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.2022-12-02not yet calculatedCVE-2022-45667
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.2022-12-02not yet calculatedCVE-2022-45668
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function.2022-12-02not yet calculatedCVE-2022-45669
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.2022-12-02not yet calculatedCVE-2022-45670
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function.2022-12-02not yet calculatedCVE-2022-45671
MISC
tenda -- i22Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.2022-12-02not yet calculatedCVE-2022-45672
MISC
thisaay -- lazy_mouseLazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H2022-12-02not yet calculatedCVE-2022-45482
MISC
thisaay -- lazy_mouseLazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N2022-12-02not yet calculatedCVE-2022-45483
MISC
tribal_systems -- zenario_cmsA vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.2022-11-30not yet calculatedCVE-2022-4231
MISC
MISC
ulusal_siber_olaylara_müdahale_merkezi -- prens_student_information_systemAlgan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.2022-12-02not yet calculatedCVE-2022-2807
CONFIRM
ulusal_siber_olaylara_müdahale_merkezi -- prens_student_information_systemAlgan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.2022-12-02not yet calculatedCVE-2022-2808
CONFIRM
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.2022-12-03not yet calculatedCVE-2022-3491
CONFIRM
MISC
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.2022-12-02not yet calculatedCVE-2022-3520
MISC
CONFIRM
vim -- vim
 
Use After Free in GitHub repository vim/vim prior to 9.0.0789.2022-12-02not yet calculatedCVE-2022-3591
MISC
CONFIRM
webtareas -- webtareaswebTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.2022-12-02not yet calculatedCVE-2022-44290
MISC
MISC
webtareas -- webtareaswebTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.2022-12-02not yet calculatedCVE-2022-44291
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".2022-12-02not yet calculatedCVE-2022-44953
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".2022-12-02not yet calculatedCVE-2022-44954
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.2022-12-02not yet calculatedCVE-2022-44955
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-02not yet calculatedCVE-2022-44956
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-02not yet calculatedCVE-2022-44957
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-02not yet calculatedCVE-2022-44959
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.2022-12-02not yet calculatedCVE-2022-44960
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-02not yet calculatedCVE-2022-44961
MISC
MISC
webtareas -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.2022-12-02not yet calculatedCVE-2022-44962
MISC
MISC
western_digital -multiple_products
 
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.2022-12-01not yet calculatedCVE-2022-29837
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4208
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4209
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4210
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4211
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4212
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4213
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4214
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4215
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2022-12-02not yet calculatedCVE-2022-4216
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2022-12-02not yet calculatedCVE-2022-4217
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4218
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4219
MISC
MISC
MISC
wordpress -- wordpressThe Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-12-02not yet calculatedCVE-2022-4220
MISC
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.