CISA Adds Two Known Exploited Vulnerabilities to Catalog

This article is contributed. See the original author and article here.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Vulnerability Summary for the Week of November 21, 2022

This article is contributed. See the original author and article here.

airbnb — optica A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`. 2022-11-23 not yet calculated CVE-2022-41875
CONFIRM
MISC
MISC amasty — amasty_blog Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. 2022-11-23 not yet calculated CVE-2022-35500
MISC
MISC amasty — amasty_blog_pro Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. 2022-11-23 not yet calculated CVE-2022-35501
MISC
MISC

apache — dolphinscheduler

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. 2022-11-24 not yet calculated CVE-2022-26885
MISC apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. 2022-11-22 not yet calculated CVE-2022-40189
MISC
MISC apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). 2022-11-22 not yet calculated CVE-2022-41131
MISC
MISC apache — multiple_products
  Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). 2022-11-22 not yet calculated CVE-2022-40954
MISC
MISC

apache –airflow_pinot_provider

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. 2022-11-22 not yet calculated CVE-2022-38649
MISC
MISC artifex — mujs A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. 2022-11-23 not yet calculated CVE-2022-44789
MISC
MISC
CONFIRM asith-eranga — isic_tour File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. 2022-11-22 not yet calculated CVE-2022-30529
MISC
MISC automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img. 2022-11-23 not yet calculated CVE-2022-44280
MISC automotive_shop_management_system — automotive_shop_management_system  Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. 2022-11-25 not yet calculated CVE-2022-44858
MISC automotive_shop_management_system — automotive_shop_management_system  Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. 2022-11-25 not yet calculated CVE-2022-44859
MISC automotive_shop_management_system — automotive_shop_management_system  Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. 2022-11-25 not yet calculated CVE-2022-44860
MISC backdrop_cms — backdrop_cms Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. 2022-11-23 not yet calculated CVE-2022-42095
MISC
MISC
MISC
MISC
MISC badaso — badaso Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 2022-11-25 not yet calculated CVE-2022-41705
MISC
MISC

basercms — basercms

BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability. 2022-11-25 not yet calculated CVE-2022-39325
CONFIRM
MISC
MISC bat-c2 — bat-c2 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor’s ID is BSECV-2022-21. 2022-11-25 not yet calculated CVE-2022-40282
MISC boa — boa Boa 0.94.14rc21 is vulnerable to SQL Injection via username. 2022-11-23 not yet calculated CVE-2022-44117
MISC book_store_management_system — book_store_management_system Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. 2022-11-25 not yet calculated CVE-2022-45225
MISC bouncy_castle — bc-fja An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. 2022-11-21 not yet calculated CVE-2022-45146
MISC
CONFIRM

churchinfo — churchinfo

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server. 2022-11-23 not yet calculated CVE-2021-43258
MISC
MISC
MISC codeigniter — codeigniter An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. 2022-11-23 not yet calculated CVE-2022-41446
MISC
MISC
MISC
MISC dedecmdv6 — dedecmdv6 dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. 2022-11-23 not yet calculated CVE-2022-43196
MISC

dedecmdv6 — dedecmdv6

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. 2022-11-23 not yet calculated CVE-2022-44118
MISC

dedecmdv6 — dedecmdv6

dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. 2022-11-23 not yet calculated CVE-2022-44120
MISC drachtio — drachtio-server drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request. 2022-11-26 not yet calculated CVE-2022-45909
MISC etms — ondiskplayeragent Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. 2022-11-25 not yet calculated CVE-2022-41156
MISC eyoom — eyoom_builder Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. 2022-11-25 not yet calculated CVE-2022-41158
MISC eyoucms — eyoucms A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-11-23 not yet calculated CVE-2022-45280
MISC

f-secure — endpoint_protection

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. 2022-11-25 not yet calculated CVE-2022-38166
MISC filecloud — filecloud FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. 2022-11-23 not yet calculated CVE-2022-39833
CONFIRM
MISC fortiguard_labs — multiple_products An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. 2022-11-25 not yet calculated CVE-2022-38377
MISC frappe — frappe Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. 2022-11-25 not yet calculated CVE-2022-41712
MISC
MISC github — enterprise_server CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. 2022-11-23 not yet calculated CVE-2022-23740
MISC google — chrome Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 2022-11-25 not yet calculated CVE-2022-4135
MISC
MISC grails — grails_spring_security_core Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: “` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } “` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin. 2022-11-23 not yet calculated CVE-2022-41923
CONFIRM
MISC
MISC

h2 — database_engine

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states “This is not a vulnerability of H2 Console … Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.” 2022-11-23 not yet calculated CVE-2022-45868
MISC
MISC

hewlett_packard_enterprise — netbatch-plus

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. 2022-11-22 not yet calculated CVE-2022-37931
MISC hitachi_energy — multiple_products An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role. 2022-11-21 not yet calculated CVE-2022-3388
MISC hitachi_energy — pcm600 A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. 2022-11-22 not yet calculated CVE-2022-2513
MISC

human_resource_management_system — human_resource_management_system  

Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. 2022-11-25 not yet calculated CVE-2022-45218
MISC
MISC

insyde — insydeh20

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. 2022-11-22 not yet calculated CVE-2022-35407
MISC
MISC

insyde — insydeh2o

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code. 2022-11-21 not yet calculated CVE-2022-35897
MISC
MISC insyde — insydeh2o In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: “In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.” 2022-11-22 not yet calculated CVE-2022-36227
MISC
MISC insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. 2022-11-23 not yet calculated CVE-2022-36337
MISC
MISC ipxe — ipxe A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. 2022-11-21 not yet calculated CVE-2022-4087
MISC
MISC

iterm2 — iterm2

iTerm2 before 3.4.18 mishandles a DECRQSS response. 2022-11-23 not yet calculated CVE-2022-45872
MISC jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. 2022-11-25 not yet calculated CVE-2022-45205
MISC
MISC jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. 2022-11-25 not yet calculated CVE-2022-45206
MISC
MISC jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. 2022-11-25 not yet calculated CVE-2022-45207
MISC
MISC jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. 2022-11-25 not yet calculated CVE-2022-45208
MISC
MISC jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. 2022-11-25 not yet calculated CVE-2022-45210
MISC
MISC jizhicms — jizhicms An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html 2022-11-23 not yet calculated CVE-2021-29334
MISC jizhicms — jizhicms Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. 2022-11-23 not yet calculated CVE-2022-44140
MISC jizhicms — jizhicms Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. 2022-11-23 not yet calculated CVE-2022-45278
MISC keylime — keylime A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. 2022-11-22 not yet calculated CVE-2022-3500
MISC
MISC knime — analytics_platform A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user’s system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It’s not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user’s system, though. 2022-11-24 not yet calculated CVE-2022-44749
MISC

knime — server

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server’s file system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server’s file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor’s operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised. 2022-11-24 not yet calculated CVE-2022-44748
MISC librenms — librenms/librenms A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin’s account. 2022-11-20 not yet calculated CVE-2022-4068
MISC
CONFIRM libxml2 — libxml2 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. 2022-11-23 not yet calculated CVE-2022-40303
MISC
MISC libxml2 — libxml2 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. 2022-11-23 not yet calculated CVE-2022-40304
MISC
MISC
MISC linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. 2022-11-25 not yet calculated CVE-2022-45884
MISC
MISC linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. 2022-11-25 not yet calculated CVE-2022-45885
MISC
MISC linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. 2022-11-25 not yet calculated CVE-2022-45886
MISC
MISC linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. 2022-11-25 not yet calculated CVE-2022-45887
MISC
MISC linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. 2022-11-25 not yet calculated CVE-2022-45888
MISC manage_engine — manage_engine Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. 2022-11-23 not yet calculated CVE-2022-40770
MISC
MISC manage_engine — manage_engine
  Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. 2022-11-23 not yet calculated CVE-2022-40771
MISC
MISC manage_engine — manage_engine
  Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. 2022-11-23 not yet calculated CVE-2022-40772
MISC
MISC mcafee — total_protection McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. 2022-11-23 not yet calculated CVE-2022-43751
MISC
MISC

microweber — microweber

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. 2022-11-25 not yet calculated CVE-2022-0698
MISC
MISC

microweber — microweber

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. 2022-11-22 not yet calculated CVE-2022-33012
MISC
MISC
MISC
MISC mitsubishi electric — multiple_products Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command. 2022-11-24 not yet calculated CVE-2022-40266
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29825
MISC
MISC

mitsubishi_electric — gx_works3

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29826
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29827
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29828
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information . As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29829
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally. 2022-11-25 not yet calculated CVE-2022-29830
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules. 2022-11-25 not yet calculated CVE-2022-29831
MISC
MISC

mitsubishi_electric — gx_works3

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules. 2022-11-25 not yet calculated CVE-2022-29832
MISC
MISC

mitsubishi_electric — gx_works3

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access to MELSEC safety CPU modules illgally. 2022-11-25 not yet calculated CVE-2022-29833
MISC
MISC mitsubishi_electric — multiple_products Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module. 2022-11-25 not yet calculated CVE-2022-25164
MISC
MISC moodle — moodle A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle’s inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. 2022-11-25 not yet calculated CVE-2022-45152
MISC
MISC
MISC mpxj– mpxj MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ’s use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r–r–`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. 2022-11-25 not yet calculated CVE-2022-41954
CONFIRM
MISC nextcloud — nextcloud_desktop Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39331
MISC
MISC
CONFIRM nextcloud — nextcloud_desktop Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39332
MISC
MISC
CONFIRM nextcloud — nextcloud_desktop Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39333
MISC
CONFIRM
MISC nextcloud — nextcloud_desktop Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability. 2022-11-25 not yet calculated CVE-2022-39334
MISC
CONFIRM
MISC
MISC nextcloud — security-advisories user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser. 2022-11-25 not yet calculated CVE-2022-39338
CONFIRM
MISC
MISC nextcloud — security-advisories user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings). 2022-11-25 not yet calculated CVE-2022-39339
MISC
MISC
CONFIRM nextcloud — security-advisories Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39346
CONFIRM
MISC
MISC nextcloud — security-advisories Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-41926
MISC
CONFIRM
MISC

nxp — multiple_products

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) 2022-11-18 not yet calculated CVE-2022-45163
MISC
MISC
MISC

octopus_deploy — octopus_server

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. 2022-11-25 not yet calculated CVE-2022-2721
MISC orchard — orchard_cms Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim’s browser. 2022-11-25 not yet calculated CVE-2022-37720
MISC
MISC
MISC paddlepaddle — paddlepaddle In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. 2022-11-26 not yet calculated CVE-2022-45908
MISC
MISC pgjdbc — pgjdbc pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system’s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability. 2022-11-23 not yet calculated CVE-2022-41946
MISC
CONFIRM phpgurukul — blood_donor_management_system PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. 2022-11-25 not yet calculated CVE-2022-38813
MISC
MISC
MISC
MISC pyro — pyrocms PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. 2022-11-25 not yet calculated CVE-2022-37721
MISC
MISC pytorch — pytorch In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. 2022-11-26 not yet calculated CVE-2022-45907
MISC
MISC qmpaas — qmpaas/leadshop Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. 2022-11-24 not yet calculated CVE-2022-4136
CONFIRM
MISC qpress — qpress qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. 2022-11-23 not yet calculated CVE-2022-45866
MISC
MISC
MISC
MISC
MISC

qs — qs

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has “deps: qs@6.9.7” in its release description, is not vulnerable). 2022-11-26 not yet calculated CVE-2022-24999
MISC
CONFIRM
CONFIRM rizalafani — cms-php SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. 2022-11-23 not yet calculated CVE-2021-35284
MISC sanitization_management_system — sanitization_management_system Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. 2022-11-23 not yet calculated CVE-2022-44278
MISC schneider_electric — multiple_products A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) 2022-11-22 not yet calculated CVE-2022-0222
CONFIRM

schneider_electric — multiple_products

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) 2022-11-22 not yet calculated CVE-2022-37301
CONFIRM seiko_epson_corporation — multiple_products The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. 2022-11-25 not yet calculated CVE-2022-36133
MISC
MISC silverstripe — multiple_products Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. 2022-11-23 not yet calculated CVE-2022-38724
MISC
MISC
MISC
MISC silverstripe — silverstripe/cms Silverstripe silverstripe/cms through 4.11.0 allows XSS. 2022-11-23 not yet calculated CVE-2022-37421
MISC
MISC
MISC
MISC silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. 2022-11-23 not yet calculated CVE-2022-37429
MISC
MISC
MISC
MISC silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). 2022-11-23 not yet calculated CVE-2022-37430
MISC
MISC
MISC
MISC

silverstripe — silverstripe/framework

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page’s meta description and get it executed in the versioned history compare view. 2022-11-23 not yet calculated CVE-2022-38145
MISC
MISC
MISC
MISC

silverstripe — silverstripe/framework

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). 2022-11-23 not yet calculated CVE-2022-38147
MISC
MISC
MISC
MISC solarwinds — ets The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users. 2022-11-23 not yet calculated CVE-2021-35246
MISC
MISC
MISC solarwinds — sem This vulnerability discloses build and services versions in the server response header. 2022-11-23 not yet calculated CVE-2022-38113
MISC
MISC solarwinds — sem This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. 2022-11-23 not yet calculated CVE-2022-38114
MISC
MISC solarwinds — sem Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT 2022-11-23 not yet calculated CVE-2022-38115
MISC
MISC sourcecodester — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. 2022-11-22 not yet calculated CVE-2022-43212
MISC
MISC sourcecodester — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. 2022-11-23 not yet calculated CVE-2022-43213
MISC
MISC sourcecodester — canteen_management_system
  A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. 2022-11-25 not yet calculated CVE-2022-4091
MISC
MISC spatie — browsershot Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. 2022-11-25 not yet calculated CVE-2022-41706
MISC
MISC spatie — browsershot Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL’s that use the file:// protocol. 2022-11-25 not yet calculated CVE-2022-43983
MISC
MISC spatie — browsershot Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. 2022-11-25 not yet calculated CVE-2022-43984
MISC
MISC stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. 2022-11-24 not yet calculated CVE-2022-4088
MISC
MISC stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324. 2022-11-24 not yet calculated CVE-2022-4089
MISC
MISC stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. 2022-11-24 not yet calculated CVE-2022-4090
MISC
MISC super-xray — super-xray super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ??into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. 2022-11-21 not yet calculated CVE-2022-41945
CONFIRM
MISC super-xray — super-xray super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-41958
MISC
CONFIRM

systemd — systemd

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. 2022-11-23 not yet calculated CVE-2022-45873
MISC
MISC
MISC tailscale — tailscale A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. 2022-11-23 not yet calculated CVE-2022-41924
CONFIRM
MISC
MISC tailscale — tailscale A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue. 2022-11-23 not yet calculated CVE-2022-41925
CONFIRM
MISC
MISC

technitium_software — dns_server

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-21 not yet calculated CVE-2022-30257
MISC

technitium_software — dns_server

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-21 not yet calculated CVE-2022-30258
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. 2022-11-21 not yet calculated CVE-2022-44171
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. 2022-11-21 not yet calculated CVE-2022-44172
MISC

tenda — ac18

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. 2022-11-21 not yet calculated CVE-2022-44174
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. 2022-11-21 not yet calculated CVE-2022-44175
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. 2022-11-21 not yet calculated CVE-2022-44176
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. 2022-11-21 not yet calculated CVE-2022-44177
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. 2022-11-21 not yet calculated CVE-2022-44178
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. 2022-11-21 not yet calculated CVE-2022-44180
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. 2022-11-21 not yet calculated CVE-2022-44183
MISC

tiny_file_manager — tiny_file_manager

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-23044
MISC
MISC tiny_file_manager — tiny_file_manager Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-45475
MISC
MISC tiny_file_manager — tiny_file_manager Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-45476
MISC
MISC

totolink — a7100ru

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. 2022-11-25 not yet calculated CVE-2022-44843
MISC

totolink — a7100ru

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. 2022-11-25 not yet calculated CVE-2022-44844
MISC tu6ge — oss-rs aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1. 2022-11-22 not yet calculated CVE-2022-39397
MISC
CONFIRM vim — vim/vim The target’s backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable. 2022-11-25 not yet calculated CVE-2022-4141
CONFIRM
MISC vmware — open-vm-tools An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. 2022-11-23 not yet calculated CVE-2009-1142
MISC
MISC vmware — open-vm-tools An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). 2022-11-23 not yet calculated CVE-2009-1143
MISC
MISC wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. 2022-11-25 not yet calculated CVE-2022-45036
MISC wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. 2022-11-25 not yet calculated CVE-2022-45037
MISC wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. 2022-11-25 not yet calculated CVE-2022-45038
MISC wbce — wbce_cms An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-25 not yet calculated CVE-2022-45039
MISC wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. 2022-11-25 not yet calculated CVE-2022-45040
MISC web_based_quiz_system — web_based_quiz_system Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users’ passwords via a bruteforce attack. 2022-11-25 not yet calculated CVE-2022-44411
MISC webcash — serp_server A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. 2022-11-25 not yet calculated CVE-2022-41157
MISC wger — wger Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. 2022-11-24 not yet calculated CVE-2022-2650
CONFIRM
MISC

wind_river — vxworks

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. 2022-11-25 not yet calculated CVE-2022-38767
MISC
MISC wordpress — wordpress The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.. 2022-11-21 not yet calculated CVE-2022-3861
MISC
MISC
MISC wordpress — wordpress Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. 2022-11-22 not yet calculated CVE-2022-44737
MISC

wordpress — wordpress

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. 2022-11-22 not yet calculated CVE-2022-45363
MISC xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, setting the right of the page Filter.WebHome and making sure only the main wiki administrators can view the application installed on main wiki or edit the page and apply the changed described in commit fb49b4f. 2022-11-22 not yet calculated CVE-2022-41937
MISC
MISC
CONFIRM xwiki — xwiki-platform
  XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It’s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: “` #if (!$services.csrf.isTokenValid($request.get(‘form_token’))) #set ($discard = $response.sendError(401, “Wrong CSRF token”)) #end “` 2022-11-23 not yet calculated CVE-2022-41927
MISC
CONFIRM xwiki — xwiki-platform
  XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: – 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 – 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 – 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 2022-11-23 not yet calculated CVE-2022-41928
CONFIRM
MISC xwiki — xwiki-platform
  org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. 2022-11-23 not yet calculated CVE-2022-41929
CONFIRM
MISC
MISC xwiki — xwiki-platform
  org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa. 2022-11-23 not yet calculated CVE-2022-41930
MISC
MISC
CONFIRM xwiki — xwiki-platform
  xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes. 2022-11-23 not yet calculated CVE-2022-41931
MISC
MISC
CONFIRM xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-23 not yet calculated CVE-2022-41932
MISC
CONFIRM xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the “Forgot your password” link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It’s also possible for administrators to set some properties for the migration: it’s possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won’t be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords. 2022-11-23 not yet calculated CVE-2022-41933
MISC
MISC
MISC
CONFIRM
MISC xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate. 2022-11-23 not yet calculated CVE-2022-41934
CONFIRM
MISC
MISC
MISC
MISC xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue. 2022-11-23 not yet calculated CVE-2022-41935
CONFIRM
MISC
MISC xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user’s rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds. 2022-11-22 not yet calculated CVE-2022-41936
CONFIRM
MISC
MISC yiisoft — yii
  `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27. 2022-11-23 not yet calculated CVE-2022-41922
CONFIRM
MISC yjcms — yjcms An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. 2022-11-23 not yet calculated CVE-2022-45276
MISC yoroi — fusiondirectory Fusiondirectory 1.3 suffers from Improper Session Handling. 2022-11-22 not yet calculated CVE-2022-36179
MISC
MISC yoroi — fusiondirectory Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. 2022-11-22 not yet calculated CVE-2022-36180
MISC
MISC zte — mf286r There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. 2022-11-22 not yet calculated CVE-2022-39066
MISC

zte — mf286r

There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. 2022-11-22 not yet calculated CVE-2022-39067
MISC

zte — pon_olt

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. 2022-11-22 not yet calculated CVE-2022-39070
MISC
CISA Releases Eight Industrial Control Systems Advisories

CISA Releases Eight Industrial Control Systems Advisories

This article is contributed. See the original author and article here.

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

SSL

Secure .gov websites use HTTPS

A lock (lock icon) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.