Vulnerability Summary for the Week of December 5, 2022

Released
Dec 12, 2022
Document ID
SB22-346

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
activerecord_project -- activerecordA possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.2022-12-059.8CVE-2022-32224
MISC
MISC
algan -- prens_student_information_systemAlgan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.2022-12-029.8CVE-2022-2807
CONFIRM
algan -- prens_student_information_systemAlgan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.2022-12-028.8CVE-2022-2808
CONFIRM
amentotech -- workreapThe Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.2022-12-057.5CVE-2022-3846
MISC
ami -- megarac_sp-xMegaRAC Default Credentials Vulnerability2022-12-059.8CVE-2022-40242
MISC
ami -- megarac_sp-xAMI MegaRAC Redfish Arbitrary Code Execution2022-12-059.8CVE-2022-40259
MISC
ami -- megarac_sp-xAMI MegaRAC User Enumeration Vulnerability2022-12-057.5CVE-2022-2827
MISC
apache -- camelThe camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.2022-12-059.8CVE-2022-45046
CONFIRM
MLIST
apache -- tapestry** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.2022-12-029.8CVE-2022-46366
CONFIRM
MLIST
MISC
avast -- avastA vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.2022-12-068.8CVE-2022-4173
MISC
ayacms_project -- ayacmsAyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).2022-12-079.8CVE-2022-45550
MISC
MISC
ayacms_project -- ayacmsAyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.2022-12-068.8CVE-2022-45548
MISC
background_management_system_project -- background_management_systemA vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.2022-12-039.8CVE-2022-4277
N/A
N/A
beappsmobile -- pc_keyboard_wifi\&bluetoothPC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H2022-12-059.8CVE-2022-45479
MISC
cacti -- cactiCacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch.2022-12-059.8CVE-2022-46169
MISC
MISC
MISC
MISC
casbin -- casdoorCasdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.2022-12-078.1CVE-2022-44942
MISC
clastix -- capsuleCapsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available.2022-12-028.8CVE-2022-46167
MISC
MISC
MISC
MISC
clerk -- clerk.ioThe Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.2022-12-057.5CVE-2022-3907
MISC
concretecms -- concrete_cmsConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".2022-12-057.5CVE-2022-46464
MISC
craftcms -- craft_cmsAll Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.2022-12-057.5CVE-2022-37783
MISC
cybozu -- cybozu_remote_serviceUncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.2022-12-077.5CVE-2022-44608
MISC
MISC
d-link -- dhp-w310av_firmwareD-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.2022-12-029.8CVE-2022-44930
MISC
d-link -- dvg-g5402sp_firmwareD-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.2022-12-029.8CVE-2022-44928
MISC
d-link -- dvg-g5402sp_firmwareAn access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.2022-12-029.8CVE-2022-44929
MISC
dottech -- smart_campus_systemA vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.2022-12-037.5CVE-2022-4280
N/A
N/A
duxcms_project -- duxcmsA vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.2022-12-088CVE-2020-36610
MISC
MISC
elbtide -- advanced_booking_calendarUnauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.2022-12-059.8CVE-2022-45822
MISC
f5 -- big-iq_centralized_managementIn all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2022-12-078.8CVE-2022-41622
MISC
facepay_project -- facepayA vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability.2022-12-058.8CVE-2022-4281
N/A
force1rc -- discovery_wifi_u818a_hd\+_fpv_firmwareBuffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f000813682022-12-069.8CVE-2022-40918
MISC
MISC
fortinet -- fortiadcAn improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.2022-12-068.8CVE-2022-33875
MISC
fortinet -- fortideceptorAn insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.2022-12-067.5CVE-2022-30305
MISC
fortinet -- fortiproxyAn authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.2022-12-069.8CVE-2022-35843
MISC
franklinfueling -- colibri_firmwareFranklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). ¶¶ An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of "fopen" system function with the mode "wb" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password.2022-12-059.8CVE-2022-44039
MISC
fsi -- fs040u_firmwareCross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.2022-12-057.3CVE-2022-43470
MISC
MISC
MISC
MISC
MISC
galaxyproject -- galaxyGalaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy's internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability.2022-12-067.5CVE-2022-23470
MISC
MISC
ge -- cimplicityGE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.2022-12-077.8CVE-2022-2002
MISC
ge -- cimplicityGE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.2022-12-077.8CVE-2022-2948
MISC
ge -- cimplicityGE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.2022-12-077.8CVE-2022-2952
MISC
ge -- cimplicityGE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.2022-12-087.8CVE-2022-3084
MISC
ge -- cimplicityGE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.2022-12-087.8CVE-2022-3092
MISC
gitpython_project -- gitpythonAll versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.2022-12-069.8CVE-2022-24439
CONFIRM
CONFIRM
goauthentik -- authentikauthentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`.2022-12-029.8CVE-2022-46145
MISC
MISC
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39090
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39091
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39092
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39093
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39094
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39095
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39096
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39097
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39098
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39099
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39100
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39101
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-39102
MISC
google -- androidIn UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed.2022-12-067.8CVE-2022-42776
MISC
google -- androidIn power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.2022-12-067.8CVE-2022-42777
MISC
google -- androidIn windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed.2022-12-067.8CVE-2022-42778
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2022-12-028.8CVE-2022-4262
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.2022-12-069.1CVE-2022-41902
MISC
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.2022-12-069.1CVE-2022-41910
MISC
CONFIRM
MISC
gpac -- gpacGPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.2022-12-067.8CVE-2022-45283
MISC
hasura -- graphql_engineHasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)2022-12-088.8CVE-2022-46792
MISC
MISC
MISC
haxx -- curlWhen doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.2022-12-059.8CVE-2022-32221
MISC
hope-boot_project -- hope-boothope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).2022-12-079.8CVE-2022-44371
MISC
hornerautomation -- rcc972_firmwareHorner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition.2022-12-029.8CVE-2022-2641
MISC
hornerautomation -- rcc972_firmwareThe Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).2022-12-027.5CVE-2022-2640
MISC
hornerautomation -- rcc972_firmwareHorner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device.2022-12-027.5CVE-2022-2642
MISC
house_rental_system_project -- house_rental_systemA vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.2022-12-039.8CVE-2022-4274
N/A
N/A
house_rental_system_project -- house_rental_systemA vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.2022-12-039.8CVE-2022-4275
N/A
N/A
house_rental_system_project -- house_rental_systemA vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.2022-12-039.8CVE-2022-4276
N/A
N/A
human_resource_management_system_project -- human_resource_management_systemA vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.2022-12-039.8CVE-2022-4273
MISC
MISC
human_resource_management_system_project -- human_resource_management_systemA vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.2022-12-037.2CVE-2022-4278
N/A
N/A
ibm -- content_navigatorIBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.2022-12-078.8CVE-2022-43581
MISC
MISC
ibm -- spectrum_scale_container_native_storage_accessIBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.2022-12-067.8CVE-2022-43867
MISC
MISC
ibm -- sterling_secure_proxyIBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.2022-12-067.5CVE-2022-34361
MISC
MISC
ilias -- iliasILIAS before 7.16 allows OS Command Injection.2022-12-078.8CVE-2022-45915
MISC
FULLDISC
MISC
inksplat -- comic_book_management_systemThe Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.2022-12-057.2CVE-2022-3856
MISC
MISC
ivanti -- endpoint_managerA privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.2022-12-059.8CVE-2022-27773
MISC
ivanti -- endpoint_managerXML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.2022-12-057.8CVE-2022-35259
MISC
joinmastodon -- mastodonMastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.2022-12-047.5CVE-2022-46405
MISC
MISC
jrecms -- springbootcmsA vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.2022-12-057.2CVE-2022-4282
MISC
MISC
kodcloud -- kodexplorerKodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue.2022-12-067.5CVE-2022-46154
MISC
MISC
kujirahand -- nadesiko3OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.2022-12-059.8CVE-2022-41642
MISC
MISC
MISC
lazy_mouse_project -- lazy_mouseLazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H2022-12-029.8CVE-2022-45482
MISC
lzmouse -- lazy_mouseThe default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H2022-12-059.8CVE-2022-45481
MISC
maku -- maku-bootA vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.2022-12-077.2CVE-2022-4322
N/A
N/A
N/A
markdown_preview_enhanced_project -- markdown_preview_enhancedMarkdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.2022-12-079.8CVE-2022-45025
MISC
markdown_preview_enhanced_project -- markdown_preview_enhancedAn issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process.2022-12-079.8CVE-2022-45026
MISC
mikrotik -- routerosMikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.2022-12-059.8CVE-2022-45313
MISC
mikrotik -- routerosMikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.2022-12-059.8CVE-2022-45315
MISC
mobatek -- mobaxtermWhen aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.2022-12-069.1CVE-2022-38337
MISC
MISC
mobatek -- mobaxtermAn access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.2022-12-068.1CVE-2022-38336
MISC
moxa -- uc-8580-t-lx_firmwareCradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.2022-12-027.6CVE-2022-3086
MISC
nadesiko3_project -- nadesiko3OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.2022-12-059.8CVE-2022-42496
MISC
MISC
MISC
nadesiko3_project -- nadesiko3Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.2022-12-057.5CVE-2022-41777
MISC
MISC
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.8CVE-2022-23468
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.8CVE-2022-23477
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.8CVE-2022-23478
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.8CVE-2022-23479
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.8CVE-2022-23480
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.8CVE-2022-23484
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.1CVE-2022-23481
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.1CVE-2022-23482
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.1CVE-2022-23483
MISC
neutrinolabs -- xrdpxrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.2022-12-099.1CVE-2022-23493
MISC
nodebb -- nodebbNodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.2022-12-059.8CVE-2022-46164
MISC
MISC
nodejs -- node.jsThe llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.2022-12-059.8CVE-2022-35256
MISC
nodejs -- node.jsA weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.2022-12-059.1CVE-2022-35255
MISC
nodejs -- node.jsA OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.2022-12-058.1CVE-2022-43548
MISC
nokogiri -- nokogiriNokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.2022-12-087.5CVE-2022-23476
MISC
MISC
MISC
nttdata -- terasoluna_server_framework_for_java_\(rich\)TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application.2022-12-057.8CVE-2022-43484
MISC
MISC
MISC
offis -- dcmtkDCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.2022-12-027.5CVE-2022-43272
MISC
MISC
omron -- cx-programmerUse-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.2022-12-077.8CVE-2022-43508
MISC
MISC
omron -- cx-programmerOut-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.2022-12-077.8CVE-2022-43509
MISC
MISC
omron -- cx-programmerStack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.2022-12-077.8CVE-2022-43667
MISC
MISC
online_leave_management_system_project -- online_leave_management_systemOnline Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-12-077.2CVE-2022-45009
MISC
paddlepaddle -- paddlepaddleCode injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.2022-12-079.8CVE-2022-46742
MISC
paddlepaddle -- paddlepaddleOut-of-bounds read in gather_tree in PaddlePaddle before 2.4.2022-12-079.1CVE-2022-46741
MISC
passeo_project -- passeoPasseo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.2022-12-067.5CVE-2022-23472
MISC
MISC
MISC
pdfmake_project -- pdfmakepdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input.2022-12-069.8CVE-2022-46161
MISC
MISC
postmagthemes -- postmagthemes_demo_importThe PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.2022-12-057.2CVE-2022-1540
MISC
premio -- chatyThe Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.2022-12-057.2CVE-2022-3858
MISC
proofpoint -- enterprise_protectionThe Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.2022-12-069.6CVE-2022-46332
MISC
proofpoint -- enterprise_protectionThe admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.2022-12-067.2CVE-2022-46333
MISC
protocol -- libp2plibp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/.2022-12-077.5CVE-2022-23486
MISC
protocol -- libp2pjs-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability.2022-12-077.5CVE-2022-23487
MISC
protocol -- libp2pgo-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (dos) mitigation page for more information on how to incorporate mitigation strategies, monitor your application, and respond to attacks.2022-12-087.5CVE-2022-23492
MISC
MISC
MISC
proxmox -- proxmox_mail_gatewayProxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.2022-12-049.8CVE-2022-35508
MISC
MISC
MISC
MISC
proxmox -- proxmox_mail_gatewayA response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.2022-12-047.1CVE-2022-35507
MISC
MISC
pulsesecure -- pulse_connect_secureAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.2022-12-057.5CVE-2022-35254
MISC
pulsesecure -- pulse_connect_secureAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.2022-12-057.5CVE-2022-35258
MISC
pwndoc_project -- pwndocAn issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file.2022-12-058.8CVE-2022-45771
MISC
MISC
py7zr_project -- py7zrA directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.2022-12-069.1CVE-2022-44900
MISC
MISC
MISC
quarkus -- quarkusQuarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.2022-12-069.8CVE-2022-4147
MISC
rack_project -- rackA sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.2022-12-0510CVE-2022-30123
MISC
rack_project -- rackA possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.2022-12-057.5CVE-2022-30122
MISC
rackn -- digital_rebarRackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.2022-12-069.8CVE-2022-46383
MISC
MISC
rackn -- digital_rebarRackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.2022-12-068.8CVE-2022-46382
MISC
redmine -- redmineRedmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.2022-12-067.5CVE-2022-44030
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.2022-12-029.8CVE-2022-44945
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2022-12-058.8CVE-2022-45020
MISC
samsung -- exynos_firmwareImproper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call.2022-12-087.5CVE-2022-39902
MISC
sangoma -- asteriskIn Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.2022-12-057.5CVE-2022-37325
MISC
sanitization_management_system_project -- sanitization_management_systemSanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.2022-12-077.2CVE-2022-44393
MISC
seagate -- stcg2000300_firmwareThe web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.2022-12-069.8CVE-2020-6627
MISC
MISC
MISC
secomea -- gatemanagerImproper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.2022-12-067.2CVE-2022-38123
MISC
simple-git_project -- simple-gitThe package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).2022-12-069.8CVE-2022-25912
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
simple_phone_book\/directory_web_app_project -- simple_phone_book\/directory_web_appSimple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.2022-12-079.8CVE-2022-45010
MISC
skycaiji -- skycaijiSkycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.2022-12-079.8CVE-2022-44351
MISC
slims -- senayan_library_management_systemSLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.2022-12-057.5CVE-2022-45019
MISC
stackstorm -- stackstormImproper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information.2022-12-067.5CVE-2022-44009
MISC
swiftterm_project -- swifttermSwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.2022-12-027.8CVE-2022-23465
MISC
MISC
syncee -- syncee_-_global_dropshippingThe Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account.2022-12-057.5CVE-2022-3694
MISC
telepad-app -- telepadTelepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H2022-12-059.8CVE-2022-45477
MISC
telos -- omnia_mpx_node_firmwareInsecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.2022-12-028.8CVE-2022-45562
MISC
telosalliance -- omnia_mpx_node_firmwareAn unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.2022-12-029.8CVE-2022-43325
MISC
tenda -- a18_firmwareTenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.2022-12-087.5CVE-2022-44931
MISC
tenda -- a18_firmwareAn access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.2022-12-087.5CVE-2022-44932
MISC
tenda -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.2022-12-027.5CVE-2022-45641
MISC
tenda -- i21_firmwareTenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.2022-12-029.8CVE-2022-44362
MISC
tenda -- i21_firmwareTenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.2022-12-029.8CVE-2022-44363
MISC
tenda -- i21_firmwareTenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.2022-12-029.8CVE-2022-44365
MISC
tenda -- i21_firmwareTenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.2022-12-029.8CVE-2022-44366
MISC
tenda -- i21_firmwareTenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.2022-12-029.8CVE-2022-44367
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.2022-12-027.5CVE-2022-45663
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.2022-12-027.5CVE-2022-45664
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function.2022-12-027.5CVE-2022-45669
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.2022-12-027.5CVE-2022-45670
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function.2022-12-027.5CVE-2022-45671
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.2022-12-027.5CVE-2022-45672
MISC
tenda -- w30e_firmwareTenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.2022-12-089.8CVE-2022-45506
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.2022-12-087.5CVE-2022-45505
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.2022-12-087.5CVE-2022-45507
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.2022-12-087.5CVE-2022-45508
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.2022-12-087.5CVE-2022-45509
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset.2022-12-087.5CVE-2022-45510
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex.2022-12-087.5CVE-2022-45511
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter.2022-12-087.5CVE-2022-45512
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter.2022-12-087.5CVE-2022-45513
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter.2022-12-087.5CVE-2022-45514
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat.2022-12-087.5CVE-2022-45515
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting.2022-12-087.5CVE-2022-45516
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer.2022-12-087.5CVE-2022-45517
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind.2022-12-087.5CVE-2022-45518
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter.2022-12-087.5CVE-2022-45519
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting.2022-12-087.5CVE-2022-45520
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter.2022-12-087.5CVE-2022-45521
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter.2022-12-087.5CVE-2022-45522
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im.2022-12-087.5CVE-2022-45523
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave.2022-12-087.5CVE-2022-45524
MISC
tenda -- w30e_firmwareTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo.2022-12-087.5CVE-2022-45525
MISC
tenda -- w6-s_firmwareTenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.2022-12-089.8CVE-2022-45497
MISC
tenda -- w6-s_firmwareAn issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.2022-12-087.5CVE-2022-45498
MISC
tenda -- w6-s_firmwareTenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.2022-12-087.5CVE-2022-45499
MISC
tenda -- w6-s_firmwareTenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.2022-12-087.5CVE-2022-45501
MISC
tenda -- w6-s_firmwareTenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.2022-12-087.5CVE-2022-45503
MISC
tenda -- w6-s_firmwareAn issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.2022-12-087.5CVE-2022-45504
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.2022-12-027.5CVE-2022-45643
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.2022-12-027.5CVE-2022-45644
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.2022-12-027.5CVE-2022-45645
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.2022-12-027.5CVE-2022-45646
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.2022-12-027.5CVE-2022-45647
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.2022-12-027.5CVE-2022-45648
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.2022-12-027.5CVE-2022-45649
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.2022-12-027.5CVE-2022-45650
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function.2022-12-027.5CVE-2022-45651
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.2022-12-027.5CVE-2022-45652
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function.2022-12-027.5CVE-2022-45653
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function.2022-12-027.5CVE-2022-45654
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function.2022-12-027.5CVE-2022-45655
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.2022-12-027.5CVE-2022-45656
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.2022-12-027.5CVE-2022-45657
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.2022-12-027.5CVE-2022-45658
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.2022-12-027.5CVE-2022-45659
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function.2022-12-027.5CVE-2022-45660
MISC
tendacn -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function.2022-12-027.5CVE-2022-45661
MISC
thinkphp -- thinkphpThinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.2022-12-068.8CVE-2022-44289
MISC
tibco -- nimbusThe Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.2022-12-069.3CVE-2022-41559
CONFIRM
ui -- edgemax_edgerouter_firmwareA remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.2022-12-058.8CVE-2022-43553
MISC
unimo -- udr-ja1604_firmwareHidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.2022-12-078.8CVE-2022-43464
MISC
MISC
unimo -- udr-ja1604_firmwareOS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.2022-12-078.8CVE-2022-44606
MISC
MISC
unimo -- udr-ja1604_firmwareImproper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.2022-12-078.8CVE-2022-44620
MISC
MISC
veeam -- veeam_backup_for_google_cloudImproper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.2022-12-059.8CVE-2022-43549
MISC
veritas -- netbackup_flex_scale_applianceAn issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.2022-12-049.8CVE-2022-46414
MISC
veritas -- netbackup_flex_scale_applianceAn issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.2022-12-048.8CVE-2022-46410
MISC
veritas -- netbackup_flex_scale_applianceAn issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.2022-12-048.8CVE-2022-46411
MISC
veritas -- netbackup_flex_scale_applianceAn issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.2022-12-048.8CVE-2022-46412
MISC
veritas -- netbackup_flex_scale_applianceAn issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.2022-12-048.8CVE-2022-46413
MISC
videolan -- vlc_media_playerAn integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.2022-12-067.8CVE-2022-41325
MISC
MISC
MISC
DEBIAN
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.2022-12-039.8CVE-2022-3491
CONFIRM
MISC
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.2022-12-029.8CVE-2022-3520
MISC
CONFIRM
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0789.2022-12-027.8CVE-2022-3591
MISC
CONFIRM
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0882.2022-12-057.8CVE-2022-4292
CONFIRM
MISC
warehouse_management_system_project -- warehouse_management_systemA vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.2022-12-039.8CVE-2022-4272
MISC
MISC
webtareas_project -- webtareaswebTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.2022-12-029.8CVE-2022-44290
MISC
MISC
webtareas_project -- webtareaswebTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.2022-12-029.8CVE-2022-44291
MISC
MISC
wordpress_popular_posts_project -- wordpress_popular_postsExternal initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.2022-12-077.5CVE-2022-43468
MISC
MISC
MISC
wp-ecommerce -- easy_wp_smtpAuth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.2022-12-068.8CVE-2022-42699
MISC
wp-ecommerce -- easy_wp_smtpAuth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress.2022-12-068.1CVE-2022-45829
MISC
wp_csv_exporter_project -- wp_csv_exporterThe WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks2022-12-057.2CVE-2022-3249
MISC
xjd2020 -- fastcmsA vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability.2022-12-068.8CVE-2022-4300
N/A
N/A
MISC
yithemes -- yith_woocommerce_gift_cardsUnauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.2022-12-069.8CVE-2022-45359
MISC
zabbix -- frontendZabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.2022-12-059.8CVE-2022-43515
MISC
zabbix -- zabbixA Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)2022-12-059.8CVE-2022-43516
MISC
zimbra -- collaborationAn issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.2022-12-057.2CVE-2022-45912
MISC
zkteco -- zktimeA default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.2022-12-067.5CVE-2021-39434
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
2kblater -- 2kb_amazon_affiliates_storeReflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress.2022-12-046.1CVE-2022-40968
MISC
add_comments_project -- add_commentsThe Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-12-054.8CVE-2022-3909
MISC
addonspress -- advanced_importThe Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks2022-12-056.5CVE-2022-3677
MISC
advanced_wp_columns_project -- advanced_wp_columnsThe Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-12-054.8CVE-2022-3426
MISC
apache -- commons_netPrior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.2022-12-036.5CVE-2021-37533
CONFIRM
MLIST
auto\/taxi_stand_management_system_project -- auto\/taxi_stand_management_systemAutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.2022-12-066.1CVE-2022-43369
MISC
MISC
awstats -- awstatsAWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.2022-12-046.1CVE-2022-46391
MISC
MLIST
bd -- bodyguard_999-603_firmwareThe BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.2022-12-055.3CVE-2022-43557
MISC
beappsmobile -- pc_keyboard_wifi_\&_bluetoothPC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N2022-12-025.9CVE-2022-45480
MISC
beetl-bbs_project -- beetl-bbsA vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107.2022-12-085.4CVE-2022-4347
N/A
N/A
book_store_management_system_project -- book_store_management_systemA cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.2022-12-025.4CVE-2022-45215
MISC
MISC
book_store_management_system_project -- book_store_management_systemA cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.2022-12-075.4CVE-2022-45217
MISC
MISC
clicshopping -- clicshopping_v3A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter.2022-12-056.1CVE-2022-45769
MISC
concretecms -- concrete_cmsConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.2022-12-056.1CVE-2022-43556
MISC
MISC
MISC
contest-gallery -- contest_galleryUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress.2022-12-066.1CVE-2022-45848
MISC
crowdstrike -- falconCrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)2022-12-044.9CVE-2022-44721
MISC
dev4press -- gd_bbpress_attachmentsAuth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.2022-12-065.4CVE-2022-45816
MISC
discourse -- discourseDiscourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.2022-12-024.3CVE-2022-46159
MISC
MISC
duxcms_project -- duxcmsA vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.2022-12-085.4CVE-2020-36609
MISC
MISC
ecommerce-website_project -- ecommerce-websiteA cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.2022-12-056.1CVE-2022-45990
MISC
elbtide -- advanced_booking_calendarCross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.2022-12-056.5CVE-2022-45824
MISC
enhancesoft -- osticketCross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.2022-12-025.4CVE-2022-4271
CONFIRM
MISC
fortinet -- fortiadcMultiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.2022-12-066.5CVE-2022-33876
MISC
fortinet -- fortiosA improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.2022-12-065.4CVE-2022-40680
MISC
fortinet -- fortisoarImproper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.2022-12-065.4CVE-2022-38379
MISC
fsi -- fs040u_firmwarePlaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console.2022-12-054.6CVE-2022-43442
MISC
MISC
MISC
MISC
MISC
google -- androidIn widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207.2022-12-056.7CVE-2022-32594
MISC
google -- androidIn widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213.2022-12-056.7CVE-2022-32596
MISC
google -- androidIn widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.2022-12-056.7CVE-2022-32597
MISC
google -- androidIn widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.2022-12-056.7CVE-2022-32598
MISC
google -- androidIn keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659.2022-12-056.7CVE-2022-32619
MISC
google -- androidIn mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753.2022-12-056.7CVE-2022-32620
MISC
google -- androidIn gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786.2022-12-056.7CVE-2022-32622
MISC
google -- androidIn throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923.2022-12-056.7CVE-2022-32624
MISC
google -- androidIn display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216.2022-12-056.7CVE-2022-32625
MISC
google -- androidIn display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239.2022-12-056.7CVE-2022-32626
MISC
google -- androidIn isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780.2022-12-056.7CVE-2022-32628
MISC
google -- androidIn isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774.2022-12-056.7CVE-2022-32629
MISC
google -- androidIn throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966.2022-12-056.7CVE-2022-32630
MISC
google -- androidIn Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613.2022-12-056.7CVE-2022-32631
MISC
google -- androidIn Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID: ALPS07441630.2022-12-056.7CVE-2022-32632
MISC
google -- androidIn Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07441637.2022-12-056.7CVE-2022-32633
MISC
google -- androidIn ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID: ALPS07138646.2022-12-056.7CVE-2022-32634
MISC
google -- androidIn isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829.2022-12-056.4CVE-2022-32621
MISC
google -- androidIn sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-39106
MISC
google -- androidIn face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-39129
MISC
google -- androidIn face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-39130
MISC
google -- androidIn camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-39131
MISC
google -- androidIn camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-39132
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-39133
MISC
google -- androidExposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.2022-12-085.5CVE-2022-39897
MISC
google -- androidImplicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent.2022-12-085.5CVE-2022-39905
MISC
google -- androidIn npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-42754
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42755
MISC
google -- androidIn sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-42756
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42759
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42760
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42761
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42762
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42763
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42764
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42765
MISC
google -- androidIn wlan driver, there is a possible missing permission check, This could lead to local information disclosure.2022-12-065.5CVE-2022-42766
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42772
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42773
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42774
MISC
google -- androidIn camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.2022-12-065.5CVE-2022-42775
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42779
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42780
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-065.5CVE-2022-42781
MISC
google -- androidIn wlan driver, there is a possible missing permission check, This could lead to local information disclosure.2022-12-065.5CVE-2022-42782
MISC
google -- androidIn audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.2022-12-064.7CVE-2022-39134
MISC
google -- androidIn wlan driver, there is a race condition, This could lead to local denial of service in wlan services.2022-12-064.7CVE-2022-42770
MISC
google -- androidIn wlan driver, there is a race condition, This could lead to local denial of service in wlan services.2022-12-064.7CVE-2022-42771
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-064.3CVE-2022-42768
MISC
haxx -- curlcurl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.2022-12-056.5CVE-2022-35260
MISC
human_resource_management_system_project -- human_resource_management_systemA vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.2022-12-036.1CVE-2022-4279
N/A
N/A
ibm -- business_automation_workflowIBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.2022-12-076.1CVE-2022-41735
MISC
MISC
ilias -- iliasILIAS before 7.16 allows External Control of File Name or Path.2022-12-076.5CVE-2022-45918
MISC
FULLDISC
MISC
ilias -- iliasILIAS before 7.16 has an Open Redirect.2022-12-076.1CVE-2022-45917
MISC
FULLDISC
MISC
ilias -- iliasILIAS before 7.16 allows XSS.2022-12-075.4CVE-2022-45916
MISC
FULLDISC
MISC
ivanti -- endpoint_managerZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.2022-12-056.5CVE-2022-23143
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4208
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4209
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4210
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4211
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4212
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4213
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4214
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2022-12-026.1CVE-2022-4215
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2022-12-024.8CVE-2022-4216
MISC
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2022-12-024.8CVE-2022-4217
MISC
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-12-024.3CVE-2022-4218
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-12-024.3CVE-2022-4219
MISC
MISC
MISC
kibokolabs -- chained_quizThe Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2022-12-024.3CVE-2022-4220
MISC
MISC
MISC
MISC
kwoksys -- information_serverAn XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.2022-12-064.9CVE-2022-45326
MISC
MISC
kyocera -- taskalfa_7550ci_firmwareSession information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.2022-12-056.5CVE-2022-41798
MISC
MISC
MISC
kyocera -- taskalfa_7550ci_firmwareMissing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.2022-12-056.5CVE-2022-41807
MISC
MISC
MISC
kyocera -- taskalfa_7550ci_firmwareStored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.2022-12-054.8CVE-2022-41830
MISC
MISC
MISC
lazy_mouse_project -- lazy_mouseLazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N2022-12-025.9CVE-2022-45483
MISC
linux -- linux_kernelA flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.2022-12-055.5CVE-2022-4269
MISC
mingsoft -- mcmsA vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.2022-12-086.1CVE-2022-4350
MISC
MISC
oceanwp -- sticky_headerCross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.2022-12-046.5CVE-2022-35730
MISC
online_leave_management_system_project -- online_leave_management_systemOnline Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.2022-12-074.8CVE-2022-45008
MISC
openrazer_project -- openrazerOpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.2022-12-054.6CVE-2022-23467
MISC
MISC
pinterest -- querybookQuerybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy.2022-12-066.1CVE-2022-46151
MISC
MISC
pwn_project -- pwnA vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.2022-12-086.8CVE-2022-4349
N/A
N/A
rapidscada -- rapid_scadaRapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS).2022-12-076.1CVE-2022-44153
MISC
ricoh -- aficio_sp_4210n_firmwareCross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.2022-12-074.8CVE-2022-37406
MISC
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.2022-12-025.4CVE-2022-44944
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.2022-12-025.4CVE-2022-44946
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".2022-12-025.4CVE-2022-44947
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".2022-12-025.4CVE-2022-44948
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.2022-12-025.4CVE-2022-44949
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-025.4CVE-2022-44950
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-025.4CVE-2022-44951
MISC
MISC
rukovoditel -- rukovoditelRukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".2022-12-025.4CVE-2022-44952
MISC
MISC
ruoyi -- ruoyi-cloudA vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.2022-12-086.1CVE-2022-4348
N/A
N/A
salonbookingsystem -- salon_booking_systemCross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.2022-12-056.1CVE-2022-43487
MISC
MISC
MISC
sangoma -- asteriskAn issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.2022-12-054.9CVE-2022-42706
MISC
sangoma -- certified_asteriskA use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.2022-12-056.5CVE-2022-42705
MISC
ss-proj -- shirasagiOpen redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.2022-12-056.1CVE-2022-43479
MISC
MISC
MISC
MISC
ss-proj -- shirasagiStored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.2022-12-055.4CVE-2022-43499
MISC
MISC
MISC
MISC
stackstorm -- stackstormCross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.2022-12-055.4CVE-2022-43706
MISC
telegram -- telegram** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding.2022-12-066.1CVE-2022-43363
MISC
MISC
telepad-app -- telepadTelepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N2022-12-055.9CVE-2022-45478
MISC
teler_project -- telerteler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed on version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.2022-12-065.4CVE-2022-23466
MISC
MISC
tenda -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.2022-12-026.5CVE-2022-45673
MISC
tenda -- ac6_firmwareTenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.2022-12-026.5CVE-2022-45674
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.2022-12-026.5CVE-2022-45667
MISC
tenda -- i22_firmwareTenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.2022-12-026.5CVE-2022-45668
MISC
themeum -- wp_page_builderThe WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-12-054.8CVE-2022-3830
MISC
tibco -- nimbusThe Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.2022-12-066.5CVE-2022-41560
CONFIRM
tomexam -- tomexamCross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.2022-12-055.4CVE-2021-34181
MISC
tp-link -- re3000_firmwaretdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function.2022-12-075.5CVE-2022-41783
MISC
MISC
tp-link -- tl-wr740n_firmwareA vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812.2022-12-065.5CVE-2022-4296
MISC
MISC
user_registration_\&_user_management_system_project -- user_registration_\&_user_management_systemPhpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages.2022-12-055.4CVE-2022-43097
MISC
vim -- vimFloating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.2022-12-055.5CVE-2022-4293
CONFIRM
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".2022-12-025.4CVE-2022-44953
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".2022-12-025.4CVE-2022-44954
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.2022-12-025.4CVE-2022-44955
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-025.4CVE-2022-44956
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-025.4CVE-2022-44957
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-025.4CVE-2022-44959
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.2022-12-025.4CVE-2022-44960
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2022-12-025.4CVE-2022-44961
MISC
MISC
webtareas_project -- webtareaswebtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.2022-12-025.4CVE-2022-44962
MISC
MISC
wordpress -- wordpressCross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .2022-12-056.1CVE-2022-43497
MISC
MISC
MISC
wordpress -- wordpressCross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .2022-12-056.1CVE-2022-43500
MISC
MISC
MISC
wordpress -- wordpressImproper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.2022-12-055.3CVE-2022-43504
MISC
MISC
MISC
wp-ecommerce -- easy_wp_smtpAuth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.2022-12-066.5CVE-2022-45833
MISC
wp-oauth -- wp_oauth_serverThe WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID2022-12-056.5CVE-2022-3926
MISC
wp-oauth -- wp_oauth_serverThe WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-12-054.8CVE-2022-3892
MISC
wpmanage -- uji_countdownThe Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-12-054.8CVE-2022-3837
MISC
wpupper_share_buttons_project -- wpupper_share_buttonsThe WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2022-12-054.8CVE-2022-3838
MISC
xylusthemes -- wp_smart_importUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress.2022-12-066.1CVE-2022-40209
MISC
zyxel -- atp800_firmwareA cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.2022-12-066.1CVE-2022-40603
CONFIRM
zzcms -- zzcmsAn issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.2022-12-075.4CVE-2022-44361
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
google -- androidImproper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.2022-12-083.3CVE-2022-39894
MISC
google -- androidImproper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.2022-12-083.3CVE-2022-39895
MISC
google -- androidImproper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.2022-12-083.3CVE-2022-39896
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-063.3CVE-2022-42757
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-063.3CVE-2022-42758
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-063.3CVE-2022-42767
MISC
google -- androidIn wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.2022-12-063.3CVE-2022-42769
MISC
hitachi -- jp1\/automatic_operationGeneration of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.2022-12-063.3CVE-2022-34881
MISC
m-files -- m-files_serverIncorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.2022-12-022.6CVE-2022-4270
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
akeneo_pim -- akeneo_pimAkeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may Replace any reference to `<FilesMatch \.php$>` in their apache httpd configurations with: `<Location "/index.php">`.2022-12-09not yet calculatedCVE-2022-46157
MISC
MISC
apache -- manifoldcfImproper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.2022-12-07not yet calculatedCVE-2022-45910
MISC
aruba -- airwave_management_platformVulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.2022-12-08not yet calculatedCVE-2022-37916
MISC
aruba -- airwave_management_platformVulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.2022-12-08not yet calculatedCVE-2022-37917
MISC
aruba -- airwave_management_platformVulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.2022-12-08not yet calculatedCVE-2022-37918
MISC
automotive_shop_management_system -- automotive_shop_management_systemAutomotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php.2022-12-09not yet calculatedCVE-2022-44838
MISC
baota -- baotaIn BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature.2022-12-09not yet calculatedCVE-2022-4336
MISC
basercms -- basercmsStored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.2022-12-07not yet calculatedCVE-2022-41994
MISC
MISC
basercms -- basercmsStored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.2022-12-07not yet calculatedCVE-2022-42486
MISC
MISC
broadcom -- brocade_fabric_osA vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.2022-12-08not yet calculatedCVE-2022-33186
MISC
broadcom -- brocade_sannavBrocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.2022-12-09not yet calculatedCVE-2022-33187
MISC
broadcom -- symantec_messaging_gatewayAn authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column)2022-12-09not yet calculatedCVE-2022-25629
MISC
broadcom -- symantec_messaging_gatewayAn authenticated user can embed malicious content with XSS into the admin group policy page.2022-12-09not yet calculatedCVE-2022-25630
MISC
buffalo_inc -- multiple_productsHidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier.2022-12-07not yet calculatedCVE-2022-39044
MISC
MISC
buffalo_inc -- multiple_productsAuthentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier.2022-12-07not yet calculatedCVE-2022-40966
MISC
MISC
buffalo_inc -- multiple_productsUse of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier.2022-12-07not yet calculatedCVE-2022-34840
MISC
MISC
buildah -- buildahA vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.2022-12-08not yet calculatedCVE-2022-4122
MISC
MISC
buildah -- buildahA flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.2022-12-08not yet calculatedCVE-2022-4123
MISC
canon_medical_informatics -- vitrea_visionCanon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.2022-12-09not yet calculatedCVE-2022-38765
MISC
certifi -- certifiCertifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.2022-12-07not yet calculatedCVE-2022-23491
MISC
MISC
chicken -- chickenegg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.2022-12-10not yet calculatedCVE-2022-45145
MISC
MISC
MISC
codecentric-- spring-boot-adminSpring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint.2022-12-09not yet calculatedCVE-2022-46166
MISC
MISC
containerd -- containerdcontainerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.2022-12-07not yet calculatedCVE-2022-23471
MISC
MISC
csliuwy -- coder-chain_gdutA vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095.2022-12-07not yet calculatedCVE-2022-4341
N/A
N/A

cube-js -- cube-js

cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability.2022-12-09not yet calculatedCVE-2022-23510
MISC
MISC
MISC

daloradius -- daloradius

daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in two parts 1) The CSRF vulnerability can be mitigated by making the daloRadius session cookie to samesite=Lax or by the implimentation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy.2022-12-06not yet calculatedCVE-2022-23475
MISC
MISC
dhis2 -- dhis2-coreDHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated user to open the malicious file in a browser which would trigger the javascript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. Users unable to upgrade may add the following simple CSP rule in your web proxy to the vulnerable endpoints: `script-src 'none'`. This workaround will prevent all javascript from running on those endpoints.2022-12-08not yet calculatedCVE-2022-41947
MISC
MISC
dhis2 -- dhis2-coreDHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied.2022-12-08not yet calculatedCVE-2022-41948
MISC
dhis2 -- dhis2-coreDHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability.2022-12-08not yet calculatedCVE-2022-41949
MISC
MISC
f5 -- big-ipIn all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2022-12-07not yet calculatedCVE-2022-41800
MISC
freshrss -- freshrssFreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (brypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`.2022-12-09not yet calculatedCVE-2022-23497
MISC
MISC
MISC
funkwhale -- funkwhaleUser invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.2022-12-09not yet calculatedCVE-2022-45292
MISC
go-merkledag -- go-merkledaggo-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Due to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error. This issue has been addressed across a number of pull requests. Users are advised to upgrade to version 0.8.1 for a complete set of fixes. Users unable to upgrade may attempt to mitigate this issue by sanitising inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode` and by sanitising `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input.2022-12-08not yet calculatedCVE-2022-23495
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
go-standard_library -- os/net/http
 
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.2022-12-07not yet calculatedCVE-2022-41720
MISC
MISC
MISC
MISC
go-standard_library/golang -- multiple_producstAn attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.2022-12-08not yet calculatedCVE-2022-41717
MISC
MISC
MISC
MISC
MISC
ibm -- cloud_transformation_advisorIBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.2022-12-09not yet calculatedCVE-2022-41299
MISC
MISC
interspire -- email_marketerInterspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists.2022-12-09not yet calculatedCVE-2022-44790
MISC
jetbrains -- gatewayIn JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.2022-12-08not yet calculatedCVE-2022-46829
MISC
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.2022-12-08not yet calculatedCVE-2022-46824
MISC
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.2022-12-08not yet calculatedCVE-2022-46825
MISC
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.2022-12-08not yet calculatedCVE-2022-46826
MISC
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.2022-12-08not yet calculatedCVE-2022-46827
MISC
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.2022-12-08not yet calculatedCVE-2022-46828
MISC
jetbrains -- teamcityIn JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.2022-12-08not yet calculatedCVE-2022-46830
MISC
jetbrains -- teamcityIn JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.2022-12-08not yet calculatedCVE-2022-46831
MISC
kbase_doc -- kbase_docKbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.2022-12-09not yet calculatedCVE-2022-45290
MISC
labstack -- labstackDue to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.2022-12-07not yet calculatedCVE-2020-36565
MISC
MISC
MISC
linux -- linuxGuests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).2022-12-07not yet calculatedCVE-2022-42328
MISC
MLIST
MLIST
MLIST
linux -- linuxGuests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).2022-12-07not yet calculatedCVE-2022-42329
MISC
MLIST
MLIST
MLIST
lirantal -- daloradiusExposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch.2022-12-08not yet calculatedCVE-2022-4366
CONFIRM
MISC
m-files -- webIncorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.2022-12-09not yet calculatedCVE-2022-4264
MISC
metinfo -- metinfoA Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.2022-12-07not yet calculatedCVE-2022-44849
MISC
micro_focus -- operations_bridge_containerized
 
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.2022-12-08not yet calculatedCVE-2022-38754
MISC
MISC
MISC
mingsoft -- mcmsA vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196.2022-12-09not yet calculatedCVE-2022-4375
MISC
MISC
morontt -- zend-blog-number-2A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability.2022-12-10not yet calculatedCVE-2022-4397
N/A
N/A
netgear -- nighthawk_rax30A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.2022-12-09not yet calculatedCVE-2022-4390
MISC
MISC
nortonlifelock -- avast_antivirusThe aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.2022-12-08not yet calculatedCVE-2022-4291
MISC
openharmony -- openharmonyKernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.2022-12-08not yet calculatedCVE-2022-41802
MISC
openharmony -- openharmonyThe appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.2022-12-08not yet calculatedCVE-2022-44455
MISC
openharmony -- openharmonyOpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.2022-12-08not yet calculatedCVE-2022-45118
MISC
openharmony -- openharmonyOpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.2022-12-08not yet calculatedCVE-2022-45877
MISC
pb-cms -- pb-cmsA vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability.2022-12-08not yet calculatedCVE-2022-4354
MISC
MISC
pb-cms -- pb-cms
 
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability.2022-12-08not yet calculatedCVE-2022-4353
MISC
MISC
perl -- perlThe rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.2022-12-09not yet calculatedCVE-2022-4170
MISC
MISC
prestashop -- prestashopPrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue.2022-12-08not yet calculatedCVE-2022-46158
MISC
MISC
qubes-mirage-firewall -- qubes-mirage-firewallqubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).2022-12-07not yet calculatedCVE-2022-46770
MISC
radareorg -- radareorg/radare2Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.2022-12-10not yet calculatedCVE-2022-4398
MISC
CONFIRM
rapid7 -- nexpose_and_insightvmRapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.2022-12-08not yet calculatedCVE-2022-4261
CONFIRM
CONFIRM
CONFIRM
red_hat -- openshiftOpenshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.2022-12-09not yet calculatedCVE-2022-3259
MISC
red_hat -- openshiftThe response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.2022-12-08not yet calculatedCVE-2022-3260
MISC
red_hat -- openshiftA flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.2022-12-08not yet calculatedCVE-2022-3262
MISC
reputeinfosystems -- armemberUnauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.2022-12-06not yet calculatedCVE-2022-42888
MISC
s-cms -- s-cmsA vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.2022-12-09not yet calculatedCVE-2022-4377
N/A
N/A
samsung -- calendarImproper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.2022-12-08not yet calculatedCVE-2022-39915
MISC
samsung -- decoding_libraryInteger overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.2022-12-08not yet calculatedCVE-2022-39907
MISC
samsung -- decoding_libraryTOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.2022-12-08not yet calculatedCVE-2022-39908
MISC
samsung -- displaymanagerserviceExposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.2022-12-08not yet calculatedCVE-2022-39914
MISC
samsung -- exynos_basebandImproper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.2022-12-08not yet calculatedCVE-2022-39901
MISC

samsung -- gear_iconx_pc_manager

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link.2022-12-08not yet calculatedCVE-2022-39909
MISC
samsung -- iiccphonebookImproper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.2022-12-08not yet calculatedCVE-2022-39898
MISC
samsung -- nice_catchImproper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch.2022-12-08not yet calculatedCVE-2022-39900
MISC
samsung -- passImproper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.2022-12-08not yet calculatedCVE-2022-39910
MISC
samsung -- passImproper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.2022-12-08not yet calculatedCVE-2022-39911
MISC
samsung -- persona_managerExposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information.2022-12-08not yet calculatedCVE-2022-39913
MISC
samsung -- personamanagerserviceImproper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.2022-12-08not yet calculatedCVE-2022-39912
MISC
samsung -- rcs_callImproper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.2022-12-08not yet calculatedCVE-2022-39903
MISC
samsung -- sectelephonyproviderImproper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.2022-12-08not yet calculatedCVE-2022-39906
MISC

samsung -- settings

Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.2022-12-08not yet calculatedCVE-2022-39904
MISC
samsung -- windowmanagerserviceImproper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.2022-12-08not yet calculatedCVE-2022-39899
MISC
secomea -- gatemanagerA vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7.2022-12-09not yet calculatedCVE-2022-2752
MISC
secustation -- multiple_productsIn certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.2022-12-08not yet calculatedCVE-2022-40939
MISC
MISC
seeddms -- seeddmsWeak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack.2022-12-08not yet calculatedCVE-2022-44938
MISC
sentry -- sentry
 
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`).2022-12-10not yet calculatedCVE-2022-23485
MISC
shift_tech_inc -- bingo!cmsAuthentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.2022-12-07not yet calculatedCVE-2022-42458
MISC
MISC
six_apart_ltd -- movable_typeImproper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.2022-12-07not yet calculatedCVE-2022-43660
MISC
MISC
six_apart_ltd -- movable_typeImproper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.2022-12-07not yet calculatedCVE-2022-45113
MISC
MISC
six_apart_ltd -- movable_typeCross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.2022-12-07not yet calculatedCVE-2022-45122
MISC
MISC
teledyne flir -- ax8A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.2022-12-08not yet calculatedCVE-2022-4364
N/A
N/A
teleport -- teleportTeleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.2022-12-08not yet calculatedCVE-2022-38599
MISC
MISC
ticklishhoneybee -- nodauA vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252.2022-12-10not yet calculatedCVE-2022-4399
MISC
MISC
MISC
tinymce -- tinymcetinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure the the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.2022-12-08not yet calculatedCVE-2022-23494
MISC
MISC
MISC
MISC
MISC
MISC
traefik -- traefikTraefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.2022-12-08not yet calculatedCVE-2022-23469
MISC
MISC
MISC
traefik -- traefikTraefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.2022-12-08not yet calculatedCVE-2022-46153
MISC
MISC
MISC
MISC
trendnet -- wireless_ac_easy-upgrader_tew-820apA stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.2022-12-07not yet calculatedCVE-2022-44373
MISC
typora -- typoraTypora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.2022-12-07not yet calculatedCVE-2022-43668
MISC
MISC

western_digital -- my_cloud

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.2022-12-09not yet calculatedCVE-2022-29838
MISC

western_digital -- my_cloud

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.2022-12-09not yet calculatedCVE-2022-29839
MISC
wireshark -- wiresharkCrash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows2022-12-09not yet calculatedCVE-2022-3724
MISC
MISC
CONFIRM
xen_project -- xen
 
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.2022-12-07not yet calculatedCVE-2022-3643
MISC
MLIST
yauaa -- yauaaYet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library.2022-12-08not yet calculatedCVE-2022-23496
MISC
MISC
yii -- giiYii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.2022-12-09not yet calculatedCVE-2022-34297
MISC
zephyr -- zephyrThere is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.2022-12-09not yet calculatedCVE-2022-2993
MISC
zkteco -- xiamen_information_technology_zkbio_eco_admsZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).2022-12-09not yet calculatedCVE-2022-44213
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.