by Scott Muniz | Nov 7, 2022 | Security, Technology
This article is contributed. See the original author and article here.
honeywell — c200_firmware |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. |
2022-10-28 |
10 |
CVE-2021-38397 CONFIRM CONFIRM |
dlink — dir-846_firmware |
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. |
2022-10-31 |
9.8 |
CVE-2020-21016 MISC MISC |
mkcms_project — mkcms |
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. |
2022-11-03 |
9.8 |
CVE-2020-22818 MISC |
mkcms_project — mkcms |
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. |
2022-11-03 |
9.8 |
CVE-2020-22819 MISC |
mkcms_project — mkcms |
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. |
2022-11-03 |
9.8 |
CVE-2020-22820 MISC |
honeywell — c200_firmware |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. |
2022-10-28 |
9.8 |
CVE-2021-38395 CONFIRM CONFIRM |
xfig_project — xfig |
xfig 3.2.7 is vulnerable to Buffer Overflow. |
2022-10-31 |
9.8 |
CVE-2021-40241 MISC |
stimulsoft — reports |
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start. |
2022-10-29 |
9.8 |
CVE-2021-42777 MISC |
ibm — infosphere_information_server |
“IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598.” |
2022-11-03 |
9.8 |
CVE-2022-22425 MISC |
octopus — octopus_server |
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. |
2022-11-01 |
9.8 |
CVE-2022-2572 MISC |
sick — sim2000_firmware |
Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM4000. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. |
2022-11-01 |
9.8 |
CVE-2022-27582 MISC |
sick — sim2000st_firmware |
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM2000ST. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled. |
2022-11-01 |
9.8 |
CVE-2022-27584 MISC |
sick — sim1000_fx_firmware |
Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version < 1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible. (available in SICK Support Portal) |
2022-11-01 |
9.8 |
CVE-2022-27585 MISC |
sick — sim1004-0p0g311_firmware |
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version < 2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible. |
2022-11-01 |
9.8 |
CVE-2022-27586 MISC |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO |
2022-10-28 |
9.8 |
CVE-2022-2826 CONFIRM MISC MISC |
pingcap — tidb |
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. |
2022-11-04 |
9.8 |
CVE-2022-3023 CONFIRM MISC |
vmware — spring_security |
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true) |
2022-10-31 |
9.8 |
CVE-2022-31692 MISC |
awpcp — another_wordpress_classifieds_plugin |
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection |
2022-10-31 |
9.8 |
CVE-2022-3254 CONFIRM |
apple — iphone_os |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution. |
2022-11-01 |
9.8 |
CVE-2022-32941 MISC MISC MISC MISC MISC |
cloudflare — warp |
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli ‘set-custom-endpoint’ subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. |
2022-10-28 |
9.8 |
CVE-2022-3320 MISC |
eaton — foreseer_electrical_power_monitoring_system |
A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . |
2022-10-28 |
9.8 |
CVE-2022-33859 MISC |
frauscher — frauscher_diagnostic_system_102 |
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. |
2022-11-02 |
9.8 |
CVE-2022-3575 CONFIRM |
ehoney_project — ehoney |
A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. |
2022-10-28 |
9.8 |
CVE-2022-3729 N/A |
ehoney_project — ehoney |
A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. |
2022-10-28 |
9.8 |
CVE-2022-3730 N/A |
ehoney_project — ehoney |
A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. |
2022-10-28 |
9.8 |
CVE-2022-3731 N/A |
ehoney_project — ehoney |
A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. |
2022-10-28 |
9.8 |
CVE-2022-3732 N/A |
redis — redis |
A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. |
2022-10-28 |
9.8 |
CVE-2022-3734 N/A N/A |
ehoney_project — ehoney |
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. |
2022-10-28 |
9.8 |
CVE-2022-3735 N/A |
chatwoot — chatwoot |
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. nnFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. |
2022-10-28 |
9.8 |
CVE-2022-3741 CONFIRM MISC |
opennebula — opennebula |
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. |
2022-10-28 |
9.8 |
CVE-2022-37425 MISC |
phpmyfaq — phpmyfaq |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. |
2022-10-29 |
9.8 |
CVE-2022-3754 MISC CONFIRM |
browserify-shim_project — browserify-shim |
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. |
2022-10-28 |
9.8 |
CVE-2022-37621 MISC MISC MISC |
browserify-shim_project — _browserify-shim |
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. |
2022-10-31 |
9.8 |
CVE-2022-37623 MISC MISC MISC |
easyiicms — easyiicms |
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. |
2022-10-31 |
9.8 |
CVE-2022-3771 N/A |
tim_campus_confession_wall_project — tim_campus_confession_wall |
A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611. |
2022-11-01 |
9.8 |
CVE-2022-3789 N/A N/A |
arubanetworks — aruba_edgeconnect_enterprise_orchestrator |
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. |
2022-10-28 |
9.8 |
CVE-2022-37913 MISC |
arubanetworks — aruba_edgeconnect_enterprise_orchestrator |
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. |
2022-10-28 |
9.8 |
CVE-2022-37914 MISC |
arubanetworks — aruba_edgeconnect_enterprise_orchestrator |
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. |
2022-10-28 |
9.8 |
CVE-2022-37915 MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. |
2022-10-31 |
9.8 |
CVE-2022-38142 MISC |
centreon — centreon |
A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability. |
2022-11-02 |
9.8 |
CVE-2022-3827 MISC MISC MISC |
fortinet — fortiadc |
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. |
2022-11-02 |
9.8 |
CVE-2022-38381 CONFIRM |
glpi-project — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest. |
2022-11-03 |
9.8 |
CVE-2022-39323 CONFIRM |
xmldom_project — xmldom |
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`. |
2022-11-02 |
9.8 |
CVE-2022-39353 MISC CONFIRM |
datahub_project — datahub |
DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. |
2022-10-28 |
9.8 |
CVE-2022-39366 MISC MISC MISC CONFIRM MISC |
fluentd — fluentd |
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use `FLUENT_OJ_OPTION_MODE=object`. |
2022-11-02 |
9.8 |
CVE-2022-39379 MISC CONFIRM |
keystonejs — keystone |
Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `”development”` for user code, irrespective of what your environment variables. If you do not use `NODE_ENV` in your user code to trigger security-sensitive functionality, you are not impacted by this vulnerability. Any dependencies that use `NODE_ENV` to trigger particular behaviors (optimizations, security or otherwise) should still respect your environment’s configured `NODE_ENV` variable. The application’s dependencies, as found in `node_modules` (including `@keystone-6/core`), are typically not compiled as part of this process, and thus should be unaffected. We have tested this assumption by verifying that `NODE_ENV=production yarn keystone start` still uses secure cookies when using `statelessSessions`. This vulnerability has been fixed in @keystone-6/core@3.0.2, regression tests have been added for this vulnerability in #8063. |
2022-11-03 |
9.8 |
CVE-2022-39382 MISC CONFIRM MISC |
deltaww — infrasuite_device_master |
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution. |
2022-10-31 |
9.8 |
CVE-2022-40202 MISC |
phppointofsale — php_point_of_sale |
The application was vulnerable to a session fixation that could be used hijack accounts. |
2022-10-31 |
9.8 |
CVE-2022-40293 MISC |
phppointofsale — php_point_of_sale |
The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. |
2022-10-31 |
9.8 |
CVE-2022-40296 MISC |
clinic’s_patient_management_system_project — clinic’s_patient_management_system |
Remote Code Execution in Clinic’s Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php |
2022-10-31 |
9.8 |
CVE-2022-40471 MISC MISC MISC |
softnext — mail_sqr_expert |
Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. |
2022-10-31 |
9.8 |
CVE-2022-40741 MISC |
hitachi — infrastructure_analytics_advisor |
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. |
2022-11-01 |
9.8 |
CVE-2022-41552 MISC |
heidenhain — heros |
The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. |
2022-10-28 |
9.8 |
CVE-2022-41648 MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution. |
2022-10-31 |
9.8 |
CVE-2022-41657 MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. |
2022-10-31 |
9.8 |
CVE-2022-41772 MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution. |
2022-10-31 |
9.8 |
CVE-2022-41779 MISC |
auieo — candidats |
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. |
2022-11-03 |
9.8 |
CVE-2022-42744 MISC MISC |
apple — macos |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. |
2022-11-01 |
9.8 |
CVE-2022-42808 MISC MISC MISC MISC |
apple — macos |
A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution. |
2022-11-01 |
9.8 |
CVE-2022-42813 MISC MISC MISC MISC |
haxx — curl |
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. |
2022-10-29 |
9.8 |
CVE-2022-42915 MISC FEDORA |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. |
2022-11-03 |
9.8 |
CVE-2022-43101 MISC |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. |
2022-11-03 |
9.8 |
CVE-2022-43102 MISC |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. |
2022-11-03 |
9.8 |
CVE-2022-43103 MISC |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. |
2022-11-03 |
9.8 |
CVE-2022-43104 MISC |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. |
2022-11-03 |
9.8 |
CVE-2022-43105 MISC |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. |
2022-11-03 |
9.8 |
CVE-2022-43106 MISC |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. |
2022-11-03 |
9.8 |
CVE-2022-43107 MISC |
tenda — ac23_firmware |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. |
2022-11-03 |
9.8 |
CVE-2022-43108 MISC |
dlink — dir-823g_firmware |
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. |
2022-11-03 |
9.8 |
CVE-2022-43109 MISC MISC |
rukovoditel — rukovoditel |
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. |
2022-10-28 |
9.8 |
CVE-2022-43168 MISC |
f5 — njs |
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. |
2022-10-28 |
9.8 |
CVE-2022-43286 MISC MISC |
lesspipe_project — lesspipe |
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. |
2022-11-01 |
9.8 |
CVE-2022-44542 MISC MISC |
zoom — virtual_desktop_infrastructure |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. |
2022-10-31 |
9.6 |
CVE-2022-28763 MISC |
sauter-controls — moduweb_firmware |
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials. |
2022-10-31 |
9.6 |
CVE-2022-40190 MISC |
silabs — gecko_bootloader |
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. |
2022-11-02 |
9.1 |
CVE-2022-24936 MISC MISC |
sick — flx3-cpuc1_firmware |
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. |
2022-10-31 |
9.1 |
CVE-2022-27583 MISC |
vmware — cloud_foundation |
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. |
2022-10-28 |
9.1 |
CVE-2022-31678 MISC |
train_scheduler_app_project — train_scheduler_app |
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504. |
2022-10-31 |
9.1 |
CVE-2022-3774 MISC MISC MISC |
ibm — infosphere_information_server |
“IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584.” |
2022-11-03 |
9.1 |
CVE-2022-40747 MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords. |
2022-10-31 |
9.1 |
CVE-2022-41629 MISC |
phppointofsale — php_point_of_sale |
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. |
2022-10-31 |
9 |
CVE-2022-40287 MISC |
phppointofsale — php_point_of_sale |
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. |
2022-10-31 |
9 |
CVE-2022-40288 MISC |
phppointofsale — php_point_of_sale |
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. |
2022-10-31 |
9 |
CVE-2022-40289 MISC |
expresstech — quiz_and_survey_master |
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. |
2022-11-03 |
8.8 |
CVE-2021-36906 CONFIRM CONFIRM |
haascnc — haas_controller_firmware |
Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. |
2022-10-28 |
8.8 |
CVE-2022-2475 MISC |
keywordrush — content_egg |
Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. |
2022-11-03 |
8.8 |
CVE-2022-25952 CONFIRM CONFIRM |
apple — macos |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-26709 MISC MISC MISC MISC MISC |
apple — macos |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-26710 MISC MISC MISC MISC |
apple — macos |
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-26716 MISC MISC MISC MISC MISC |
apple — macos |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-26717 MISC MISC MISC MISC MISC MISC |
apple — macos |
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-26719 MISC MISC MISC MISC MISC |
superwhite — demon_image_annotation |
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2022-10-28 |
8.8 |
CVE-2022-2864 MISC MISC MISC |
ibm — infosphere_information_server |
“IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a “user that the website trusts. IBM X-Force ID: 227295. |
2022-11-03 |
8.8 |
CVE-2022-30608 MISC |
hypr — workforce_access |
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. |
2022-11-03 |
8.8 |
CVE-2022-3258 MISC |
apple — iphone_os |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-32888 MISC MISC MISC MISC MISC MISC MISC MLIST |
apple — macos |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-32922 MISC MISC MISC |
apple — macos |
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution. |
2022-11-01 |
8.8 |
CVE-2022-32934 MISC MISC MISC |
google — chrome |
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3304 MISC MISC |
google — chrome |
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3305 MISC MISC |
google — chrome |
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3306 MISC MISC |
google — chrome |
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3307 MISC MISC |
google — chrome |
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Low) |
2022-11-01 |
8.8 |
CVE-2022-3315 MISC MISC |
nextend — smart_slider_3 |
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site. |
2022-10-31 |
8.8 |
CVE-2022-3357 CONFIRM |
google — chrome |
Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3370 MISC MISC |
google — chrome |
Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3373 MISC MISC |
bricksbuilder — bricks |
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution. |
2022-10-28 |
8.8 |
CVE-2022-3401 MISC MISC |
cloudflare — warp |
Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint. |
2022-10-28 |
8.8 |
CVE-2022-3512 MISC |
google — chrome |
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3652 MISC MISC |
google — chrome |
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3653 MISC MISC |
google — chrome |
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3654 MISC MISC |
google — chrome |
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Medium) |
2022-11-01 |
8.8 |
CVE-2022-3655 MISC MISC |
google — chrome |
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chrome security severity: Medium) |
2022-11-01 |
8.8 |
CVE-2022-3656 MISC MISC |
google — chrome |
Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium) |
2022-11-01 |
8.8 |
CVE-2022-3657 MISC MISC |
google — chrome |
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium) |
2022-11-01 |
8.8 |
CVE-2022-3658 MISC MISC |
google — chrome |
Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chrome security severity: Medium) |
2022-11-01 |
8.8 |
CVE-2022-3659 MISC MISC |
google — chrome |
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
2022-11-01 |
8.8 |
CVE-2022-3723 MISC MISC |
web-based_student_clearance_system_project — web-based_student_clearance_system |
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. |
2022-10-28 |
8.8 |
CVE-2022-3733 N/A N/A |
exiv2 — exiv2 |
A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. |
2022-10-29 |
8.8 |
CVE-2022-3756 MISC MISC |
exiv2 — exiv2 |
A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. |
2022-10-29 |
8.8 |
CVE-2022-3757 MISC MISC MISC |
xjyunjing — yunjing_content_management_system |
A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. |
2022-10-31 |
8.8 |
CVE-2022-3770 N/A N/A |
easyiicms — easyiicms |
A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability. |
2022-10-31 |
8.8 |
CVE-2022-3772 N/A N/A |
oracle — restaurant_menu_-_food_ordering_system_-_table_reservation |
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2022-11-03 |
8.8 |
CVE-2022-3776 MISC MISC |
ibax — go-ibax |
A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability. |
2022-11-01 |
8.8 |
CVE-2022-3798 N/A N/A |
ibax — go-ibax |
A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635. |
2022-11-01 |
8.8 |
CVE-2022-3799 N/A N/A |
ibax — go-ibax |
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636. |
2022-11-01 |
8.8 |
CVE-2022-3800 N/A N/A |
ibax — go-ibax |
A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability. |
2022-11-01 |
8.8 |
CVE-2022-3801 N/A N/A |
ibax — go-ibax |
A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability. |
2022-11-01 |
8.8 |
CVE-2022-3802 N/A N/A |
m-files — hubshare |
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. |
2022-10-31 |
8.8 |
CVE-2022-39016 MISC |
glpi-project — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. |
2022-11-03 |
8.8 |
CVE-2022-39234 CONFIRM |
discourse — discourse |
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user’s email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses. |
2022-11-02 |
8.8 |
CVE-2022-39356 CONFIRM MISC |
phppointofsale — php_point_of_sale |
The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. |
2022-10-31 |
8.8 |
CVE-2022-40291 MISC |
phppointofsale — php_point_of_sale |
The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. |
2022-10-31 |
8.8 |
CVE-2022-40294 MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. |
2022-10-31 |
8.8 |
CVE-2022-41644 MISC |
formalms — formalms |
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. |
2022-10-31 |
8.8 |
CVE-2022-41681 CONFIRM |
xen — xen |
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. |
2022-11-01 |
8.8 |
CVE-2022-42309 MISC CONFIRM MLIST DEBIAN |
auieo — candidats |
CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. |
2022-11-03 |
8.8 |
CVE-2022-42750 MISC MISC |
auieo — candidats |
CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. |
2022-11-03 |
8.8 |
CVE-2022-42751 MISC MISC |
apple — iphone_os |
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-42795 MISC MISC MISC MISC |
apple — macos |
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. |
2022-11-01 |
8.8 |
CVE-2022-42823 MISC MISC MISC MISC MISC MLIST |
formalms — formalms |
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the ‘id’ parameter in the ‘appCore/index.php?r=adm/mediagallery/delete’ function in order to dump the entire database or delete all contents from the ‘core_user_file’ table. |
2022-10-31 |
8.8 |
CVE-2022-42923 CONFIRM |
formalms — formalms |
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. |
2022-10-31 |
8.8 |
CVE-2022-42925 CONFIRM |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. |
2022-11-02 |
8.8 |
CVE-2022-43226 MISC |
totaljs — total.js |
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. |
2022-10-30 |
8.8 |
CVE-2022-44019 MISC MISC MISC |
pixman — pixman |
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. |
2022-11-03 |
8.8 |
CVE-2022-44638 MISC MLIST |
fortinet — fortimail |
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64. |
2022-11-02 |
8.6 |
CVE-2022-26122 CONFIRM |
apple — macos |
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. |
2022-11-01 |
8.6 |
CVE-2022-32890 MISC |
apple — safari |
An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. |
2022-11-01 |
8.6 |
CVE-2022-32892 MISC MISC MISC MISC |
cloudflare — warp_mobile_client |
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. |
2022-10-28 |
8.5 |
CVE-2022-3337 MISC |
cloudflare — warp_mobile_client |
It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both “Disable for cellular networks” and “Disable for Wi-Fi networks” switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. |
2022-10-28 |
8.2 |
CVE-2022-3321 MISC |
stb_project — stb |
stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. |
2022-11-02 |
8.1 |
CVE-2021-37789 MISC |
fortinet — fortios |
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. |
2022-11-02 |
8.1 |
CVE-2022-30307 CONFIRM |
vmware — spring_security |
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. |
2022-10-31 |
8.1 |
CVE-2022-31690 MISC |
thimpress — learnpress |
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function. |
2022-10-31 |
8.1 |
CVE-2022-3360 CONFIRM |
google — web_stories |
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. |
2022-10-28 |
8.1 |
CVE-2022-3708 MISC MISC MISC MISC |
haascnc — haas_controller_firmware |
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. |
2022-10-28 |
8 |
CVE-2022-2474 MISC |
apereo — phpcas |
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to “^(https)://.*”) or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim’s account on a vulnerable CASified service without victim’s knowledge, when the victim visits attacker’s website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP’s HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior. |
2022-11-01 |
8 |
CVE-2022-39369 CONFIRM |
jhead_project — jhead |
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. |
2022-11-04 |
7.8 |
CVE-2021-34055 MISC |
netskope — netskope |
Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. |
2022-11-03 |
7.8 |
CVE-2021-44862 MISC |
fortinet — fortisiem |
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. |
2022-11-02 |
7.8 |
CVE-2022-26119 CONFIRM |
apple — macos |
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution. |
2022-11-01 |
7.8 |
CVE-2022-26730 MISC |
apple — macos |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with system privileges. |
2022-11-01 |
7.8 |
CVE-2022-26762 MISC MISC |
apple — mac_os_x |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. |
2022-11-01 |
7.8 |
CVE-2022-32794 MISC MISC MISC |
apple — iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32865 MISC MISC |
apple — macos |
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32866 MISC MISC MISC MISC MISC |
apple — iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32887 MISC |
apple — iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32889 MISC MISC |
apple — iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32898 MISC MISC MISC MISC |
apple — iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32899 MISC MISC MISC MISC |
apple — iphone_os |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32903 MISC MISC MISC |
apple — macos |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. |
2022-11-01 |
7.8 |
CVE-2022-32905 MISC |
apple — iphone_os |
This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32907 MISC MISC MISC |
apple — iphone_os |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32914 MISC MISC MISC MISC MISC MISC |
apple — macos |
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32915 MISC |
apple — macos |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32924 MISC MISC MISC MISC MISC MISC |
apple — iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32932 MISC MISC MISC |
apple — iphone_os |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32939 MISC MISC |
apple — macos |
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32940 MISC MISC MISC MISC |
apple — macos |
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32944 MISC MISC MISC MISC MISC MISC MISC |
apple — macos |
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-32947 MISC MISC MISC |
fortinet — fortitester |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. |
2022-11-02 |
7.8 |
CVE-2022-33870 CONFIRM |
ibm — infosphere_information_server |
“IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-“Force ID: 231361. |
2022-11-03 |
7.8 |
CVE-2022-35717 MISC |
axiosys — bento4 |
A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563. |
2022-10-31 |
7.8 |
CVE-2022-3784 N/A N/A N/A |
axiosys — bento4 |
A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564. |
2022-10-31 |
7.8 |
CVE-2022-3785 N/A N/A N/A |
schneider-electric — ecostruxure_operator_terminal_expert |
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). |
2022-11-04 |
7.8 |
CVE-2022-41666 MISC |
schneider-electric — ecostruxure_operator_terminal_expert |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). |
2022-11-04 |
7.8 |
CVE-2022-41667 MISC |
schneider-electric — ecostruxure_operator_terminal_expert |
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). |
2022-11-04 |
7.8 |
CVE-2022-41668 MISC |
opensvc — multipath-tools |
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. |
2022-10-29 |
7.8 |
CVE-2022-41973 MISC MISC MISC FULLDISC MISC |
opensvc — multipath-tools |
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. |
2022-10-29 |
7.8 |
CVE-2022-41974 MISC MISC MISC FULLDISC MISC |
apple — ipados |
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges. |
2022-11-01 |
7.8 |
CVE-2022-42796 MISC MISC |
apple — macos |
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution. |
2022-11-01 |
7.8 |
CVE-2022-42800 MISC MISC MISC MISC MISC MISC |
apple — macos |
A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7.8 |
CVE-2022-42801 MISC MISC MISC MISC MISC MISC |
apple — macos |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. |
2022-11-01 |
7.8 |
CVE-2022-42809 MISC |
apple — macos |
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. |
2022-11-01 |
7.8 |
CVE-2022-42820 MISC MISC |
apple — iphone_os |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. |
2022-11-01 |
7.8 |
CVE-2022-42827 MISC MISC |
webassembly — wasm |
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. |
2022-10-28 |
7.8 |
CVE-2022-43281 MISC |
hcltech — verse |
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. |
2022-11-01 |
7.5 |
CVE-2020-4099 CONFIRM |
hcltech — hcl_launch_container_image |
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. |
2022-10-31 |
7.5 |
CVE-2021-27784 CONFIRM |
honeywell — c200_firmware |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. |
2022-10-28 |
7.5 |
CVE-2021-38399 CONFIRM CONFIRM |
mt — ind780_firmware |
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label ‘IND780_8.0.07’), Version 7.2.10 June 18, 2012 (SS Label ‘IND780_7.2.10’). It was possible to traverse the folders of the affected host by providing a traversal path to the ‘webpage’ parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. |
2022-10-31 |
7.5 |
CVE-2021-40661 MISC MISC |
hitachi — vantara_pentaho |
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. |
2022-11-02 |
7.5 |
CVE-2021-45446 MISC |
hitachi — vantara_pentaho |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. |
2022-11-02 |
7.5 |
CVE-2021-45447 MISC |
muhammara_project — muhammara |
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. |
2022-11-01 |
7.5 |
CVE-2022-25885 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
muhammara_project — muhammara |
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. |
2022-11-01 |
7.5 |
CVE-2022-25892 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
zephyrproject — zephyr |
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). |
2022-10-31 |
7.5 |
CVE-2022-2741 MISC |
schoolbox — schoolbox |
The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. |
2022-10-31 |
7.5 |
CVE-2022-3059 MISC |
trihedral — vtscada |
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. |
2022-11-02 |
7.5 |
CVE-2022-3181 MISC |
apache — unstructured_information_management_architecture |
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. |
2022-11-03 |
7.5 |
CVE-2022-32287 MISC MLIST |
apple — mac_os_x |
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. |
2022-11-01 |
7.5 |
CVE-2022-32910 MISC MISC MISC |
apple — iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app. |
2022-11-01 |
7.5 |
CVE-2022-32927 MISC MISC |
cloudflare — warp_mobile_client |
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the “Disable WARP” quick action. |
2022-10-28 |
7.5 |
CVE-2022-3322 MISC |
fortinet — fortios |
An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS. |
2022-11-02 |
7.5 |
CVE-2022-35842 CONFIRM |
openssl — openssl |
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6). |
2022-11-01 |
7.5 |
CVE-2022-3602 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST CISCO GENTOO CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST MLIST MLIST CONFIRM CERT-VN MLIST MLIST MLIST MLIST MLIST MLIST MISC MISC MISC MISC MISC MISC |
cloudflare — octorpki |
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. |
2022-10-28 |
7.5 |
CVE-2022-3616 MISC |
redhat — ansible_collection |
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. |
2022-10-28 |
7.5 |
CVE-2022-3697 MISC |
opennebula — opennebula |
Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. |
2022-10-28 |
7.5 |
CVE-2022-37426 MISC |
html-minifier_project — html-minifier |
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. |
2022-10-31 |
7.5 |
CVE-2022-37620 MISC MISC MISC |
devolutions — remote_desktop_manager |
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. |
2022-11-01 |
7.5 |
CVE-2022-3780 MISC |
openssl — openssl |
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.’ character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. |
2022-11-01 |
7.5 |
CVE-2022-3786 CONFIRM MISC |
m-files — hubshare |
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. |
2022-10-31 |
7.5 |
CVE-2022-39018 MISC |
m-files — hubshare |
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. |
2022-10-31 |
7.5 |
CVE-2022-39019 MISC |
conduit-hyper_project — conduit-hyper |
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request’s length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request. In version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 (“Bad Request”). This crate is part of the implementation of Rust’s [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet. |
2022-10-31 |
7.5 |
CVE-2022-39294 CONFIRM |
strongswan — strongswan |
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker’s control) that doesn’t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. |
2022-10-31 |
7.5 |
CVE-2022-40617 CONFIRM |
ndk-design — ndkadvancedcustomizationfields |
A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. |
2022-11-01 |
7.5 |
CVE-2022-40839 MISC MISC MISC |
haascnc — haas_controller |
Communication traffic involving “Ethernet Q Commands” service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. |
2022-10-28 |
7.5 |
CVE-2022-41636 MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group. |
2022-10-31 |
7.5 |
CVE-2022-41688 MISC |
golang — go |
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string “A=Bx00C=D” sets the variables “A=B” and “C=D”. |
2022-11-02 |
7.5 |
CVE-2022-41716 MISC MISC MISC MISC |
deltaww — infrasuite_device_master |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords. |
2022-10-31 |
7.5 |
CVE-2022-41776 MISC |
apache — tomcat |
If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. |
2022-11-01 |
7.5 |
CVE-2022-42252 MISC |
xen — xen |
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: – – by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory – – by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path – – by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible – – by accessing many nodes inside a transaction |
2022-11-01 |
7.5 |
CVE-2022-42311 MISC CONFIRM DEBIAN |
auieo — candidats |
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. |
2022-11-03 |
7.5 |
CVE-2022-42745 MISC MISC |
haxx — curl |
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. |
2022-10-29 |
7.5 |
CVE-2022-42916 MISC FEDORA |
fast_food_ordering_system_project — fast_food_ordering_system |
Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php. |
2022-11-01 |
7.5 |
CVE-2022-43081 MISC |
open5gs — open5gs |
open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. |
2022-11-01 |
7.5 |
CVE-2022-43221 MISC |
open5gs — open5gs |
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. |
2022-11-01 |
7.5 |
CVE-2022-43222 MISC |
open5gs — open5gs |
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. |
2022-11-01 |
7.5 |
CVE-2022-43223 MISC |
f5 — njs |
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. |
2022-10-28 |
7.5 |
CVE-2022-43284 MISC MISC |
f5 — njs |
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. |
2022-10-28 |
7.5 |
CVE-2022-43285 MISC |
openharmony — openharmony |
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. |
2022-11-03 |
7.5 |
CVE-2022-43495 MISC |
ibm — robotic_process_automation |
“IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.” |
2022-11-03 |
7.5 |
CVE-2022-43574 MISC |
jetbrains — teamcity |
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings |
2022-11-03 |
7.5 |
CVE-2022-44623 MISC |
jetbrains — teamcity |
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters |
2022-11-03 |
7.5 |
CVE-2022-44624 MISC |
google — chrome |
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium) |
2022-11-01 |
7.4 |
CVE-2022-3308 MISC MISC |
sick — sim2000-2p04g10_firmware |
Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version <= 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >1.2.0 as soon as possible. |
2022-11-01 |
7.3 |
CVE-2022-43989 MISC |
sick — sim1012-0p0g200_firmware |
Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible. (available in SICK Support Portal) |
2022-11-01 |
7.3 |
CVE-2022-43990 MISC |
expresstech — quiz_and_survey_master |
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. |
2022-10-28 |
7.2 |
CVE-2021-36898 CONFIRM CONFIRM |
wp-ecommerce — easy_wp_smtp |
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. |
2022-10-31 |
7.2 |
CVE-2022-3334 CONFIRM |
publishpress — capabilities |
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. |
2022-10-31 |
7.2 |
CVE-2022-3366 CONFIRM |
oceanwp — ocean_extra |
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. |
2022-10-31 |
7.2 |
CVE-2022-3374 CONFIRM |
wpbeaverbuilder — customizer_export/import |
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. |
2022-10-31 |
7.2 |
CVE-2022-3380 CONFIRM |
garage_management_system_project — garage_management_system |
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. |
2022-11-02 |
7.2 |
CVE-2022-41551 MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system |
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
2022-11-03 |
7.2 |
CVE-2022-43061 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. |
2022-11-03 |
7.2 |
CVE-2022-43062 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. |
2022-11-03 |
7.2 |
CVE-2022-43063 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. |
2022-11-02 |
7.2 |
CVE-2022-43066 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. |
2022-11-02 |
7.2 |
CVE-2022-43068 MISC |
vehicle_booking_system_project — vehicle_booking_system |
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
2022-11-01 |
7.2 |
CVE-2022-43083 MISC |
restaurant_pos_system_project — restaurant_pos_system |
An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
2022-11-01 |
7.2 |
CVE-2022-43085 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. |
2022-11-01 |
7.2 |
CVE-2022-43124 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. |
2022-11-01 |
7.2 |
CVE-2022-43125 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. |
2022-11-01 |
7.2 |
CVE-2022-43126 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php. |
2022-11-01 |
7.2 |
CVE-2022-43127 MISC |
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. |
2022-11-02 |
7.2 |
CVE-2022-43227 MISC |
simple_cold_storage_management_system_project — simple_cold_storage_managment_system |
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. |
2022-10-28 |
7.2 |
CVE-2022-43229 MISC MISC |
canteen_management_system_project — canteen_management_system |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. |
2022-11-01 |
7.2 |
CVE-2022-43328 MISC |
canteen_management_system_project — canteen_management_system |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. |
2022-11-01 |
7.2 |
CVE-2022-43329 MISC |
canteen_management_system_project — canteen_management_system |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. |
2022-11-01 |
7.2 |
CVE-2022-43330 MISC |
canteen_management_system_project — canteen_management_system |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. |
2022-11-01 |
7.2 |
CVE-2022-43331 MISC |
sanitization_management_system_project — sanitization_management_system |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. |
2022-11-01 |
7.2 |
CVE-2022-43353 MISC |
sanitization_management_system_project — sanitization_management_system |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. |
2022-11-01 |
7.2 |
CVE-2022-43354 MISC |
sanitization_management_system_project — sanitization_management_system |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. |
2022-11-01 |
7.2 |
CVE-2022-43355 MISC |
slims — senayan_library_management_system |
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. |
2022-11-01 |
7.2 |
CVE-2022-43362 MISC |
apple — iphone_os |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. |
2022-11-01 |
7.1 |
CVE-2022-32925 MISC MISC MISC |
xen — xen |
x86: unintended memory sharing between guests On Intel systems that support the “virtualize APIC accesses” feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. |
2022-11-01 |
7.1 |
CVE-2022-42327 MISC CONFIRM MLIST |
webassembly — wabt |
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. |
2022-10-28 |
7.1 |
CVE-2022-43280 MISC |
webassembly — wabt |
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. |
2022-10-28 |
7.1 |
CVE-2022-43282 MISC |
sudo_project — sudo |
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. |
2022-11-02 |
7.1 |
CVE-2022-43995 MISC MISC MISC MISC |
xen — xen |
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. |
2022-11-01 |
7 |
CVE-2022-42320 MISC CONFIRM MLIST DEBIAN |
apple — macos |
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7 |
CVE-2022-42791 MISC |
apple — iphone_os |
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7 |
CVE-2022-42803 MISC MISC MISC MISC MISC MISC |
apple — macos |
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
2022-11-01 |
7 |
CVE-2022-42806 MISC MISC |
Recent Comments