Adobe Releases Security Updates for Multiple Products

This article is contributed. See the original author and article here.

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe Security Bulletins and apply the necessary updates.
• Adobe ColdFusion APSB22-44
• Adobe Acrobat and Reader APSB22-46
• Adobe Commerce and Magento Open Source APSB22-48
• Adobe Dimension APSB22-57

CISA Releases Twenty-Five Industrial Control Systems Advisories

Microsoft Releases October 2022 Security Updates


CISA Has Added One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.   

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. 

Vulnerability Summary for the Week of October 3, 2022


Primary Vendor and Product | Description | Published | CVSS Score | CVE
actian — psql | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | 2022-09-30 | 8.8 | CVE-2022-40756
apache — airflow | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API. | 2022-10-07 | 8.1 | CVE-2022-41672
apache — commons_jxpath | Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution. | 2022-10-06 | 9.8 | CVE-2022-41852
arubanetworks — instant | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | 2022-10-06 | 9.8 | CVE-2022-37888
asus — rt-ax56u_firmware | A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by “caupload” input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. | 2022-10-06 | 8.8 | CVE-2021-40556
autodesk — autocad | A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. | 2022-10-03 | 7.8 | CVE-2022-33885
autodesk — autocad | A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. | 2022-10-03 | 7.8 | CVE-2022-33886
autodesk — autocad | A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33887
autodesk — autocad | A maliciously crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33888
autodesk — autocad | Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.5 | CVE-2022-33884
autodesk — autodesk_desktop | Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. | 2022-10-03 | 9.8 | CVE-2022-33882
autodesk — design_review | A maliciously crafted GIF or JPEG file when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. | 2022-10-03 | 7.8 | CVE-2022-33889
autodesk — design_review | A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33890
autodesk — moldflow_synergy | A maliciously crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-33883
autodesk — subassembly_composer | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-10-03 | 7.8 | CVE-2022-41301
axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. | 2022-10-03 | 8.8 | CVE-2022-41428
axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. | 2022-10-03 | 8.8 | CVE-2022-41429
axiosys — bento4 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. | 2022-10-03 | 8.8 | CVE-2022-41430
backdropcms — backdrop_cms | Backdrop CMS 1.22.0 has an Unrestricted File Upload vulnerability via ‘themes’ that allows attackers to achieve Remote Code Execution. | 2022-10-07 | 7.2 | CVE-2022-42092
billing_system_project_project — billing_system_project | Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. | 2022-09-30 | 7.2 | CVE-2022-41437
billing_system_project_project — billing_system_project | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. | 2022-09-30 | 7.2 | CVE-2022-41439
billing_system_project_project — billing_system_project | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | 2022-09-30 | 7.2 | CVE-2022-41440
bookingultrapro — booking_ultra_pro_appointments_booking_calendar | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 2022-09-30 | 8.8 | CVE-2021-36854
bus_pass_management_system_project — bus_pass_management_system | Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php. | 2022-09-30 | 9.8 | CVE-2022-35156
cisco — ios_xe | A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20847
cisco — ios_xe | A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20848
cisco — ios_xe | A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20856
cisco — ios_xe | A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. | 2022-09-30 | 7.5 | CVE-2022-20919
cisco — ios_xe | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. | 2022-09-30 | 7.2 | CVE-2022-20851
cisco — sd-wan_vbond_orchestrator | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | 7.8 | CVE-2022-20818
cisco — sd-wan_vmanage | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2022-09-30 | 7.8 | CVE-2022-20775
cisco — sd-wan_vsmart_controller | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | 2022-09-30 | 7.1 | CVE-2022-20850
cloudflare — goflow | sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. | 2022-09-30 | 7.5 | CVE-2022-2529
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. | 2022-10-07 | 9.8 | CVE-2022-40824
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. | 2022-10-07 | 9.8 | CVE-2022-40825
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. | 2022-10-07 | 9.8 | CVE-2022-40826
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. | 2022-10-07 | 9.8 | CVE-2022-40827
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. | 2022-10-07 | 9.8 | CVE-2022-40828
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. | 2022-10-07 | 9.8 | CVE-2022-40829
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. | 2022-10-07 | 9.8 | CVE-2022-40830
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. | 2022-10-07 | 9.8 | CVE-2022-40831
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. | 2022-10-07 | 9.8 | CVE-2022-40832
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. | 2022-10-07 | 9.8 | CVE-2022-40833
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. | 2022-10-07 | 9.8 | CVE-2022-40834
codeigniter — codeigniter | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. | 2022-10-07 | 9.8 | CVE-2022-40835
creativedream_file_uploader_project — creativedream_file_uploader | Arbitrary file upload vulnerability in php uploader | 2022-10-03 | 9.8 | CVE-2022-40721
css-what_project — css-what | The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | 2022-09-30 | 7.5 | CVE-2022-21222
dairy_farm_shop_management_system_project — dairy_farm_shop_management_system | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. | 2022-09-30 | 9.8 | CVE-2022-40943
dairy_farm_shop_management_system_project — dairy_farm_shop_management_system | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. | 2022-09-30 | 9.8 | CVE-2022-40944
dedecms — dedecms | DedeCMS 5.7.98 has a file upload vulnerability in the background. | 2022-10-03 | 7.2 | CVE-2022-40886
dell — hybrid_client | Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 2022-09-30 | 7.1 | CVE-2022-34429
fasterxml — jackson-databind | In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 2022-10-02 | 7.5 | CVE-2022-42003
fasterxml — jackson-databind | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | 2022-10-02 | 7.5 | CVE-2022-42004
flyte — flyteadmin | FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte Propeller even after turning on authentication via a hardcoded hashed password. This password is also set on the default Flyte Propeller configmap in the various Flyte Helm charts. Users who enable auth but do not override this setting in Flyte Admin’s configuration may unbeknownst to them be allowing public traffic in by way of this default password with attackers effectively impersonating propeller. This only applies to users who have not specified the ExternalAuthorizationServer setting. Usage of an external auth server automatically turns off this default configuration, and such deployments are not susceptible to this vulnerability. This issue has been addressed in version 1.1.44. Users should manually set the staticClients in the selfAuthServer section of their configuration if they intend to rely on Admin’s internal auth server. Again, users who use an external auth server are automatically protected from this vulnerability. | 2022-10-06 | 7.5 | CVE-2022-39273
generex — cs141_firmware | Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh). | 2022-10-06 | 7.2 | CVE-2022-42457
google — android | Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. | 2022-10-07 | 7.8 | CVE-2022-39854
gridea — gridea | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the ‘nodeIntegration’ option enabled. | 2022-09-30 | 7.8 | CVE-2022-40274
hitachi — storage_plug-in | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects: Hitachi Storage Plug-in for VMware vCenter 04.8.0. | 2022-10-06 | 8.8 | CVE-2022-2637
htmly — htmly | Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | 2022-09-30 | 8.1 | CVE-2021-33354
ibm — qradar_security_information_and_event_manager | IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889. | 2022-10-07 | 7.5 | CVE-2022-22480
ibm — websphere_automation_for_ibm_cloud_pak_for_watson_aiops | IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. | 2022-10-07 | 8.8 | CVE-2022-22493
ikus-soft — rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | 2022-10-06 | 9.8 | CVE-2022-3273
ikus-soft — rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 2022-09-30 | 7.5 | CVE-2022-3371
ikus-soft — rdiffweb | Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. | 2022-10-06 | 7.5 | CVE-2022-3389
innovaphone — innovaphone_firmware | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | 2022-09-30 | 9.8 | CVE-2022-41870
joplinapp — joplin | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the ‘shell.openExternal’ function. | 2022-09-30 | 7.8 | CVE-2022-40277
lighttpd — lighttpd | A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. | 2022-10-06 | 7.5 | CVE-2022-41556
linuxfoundation — dapr_dashboard | Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. | 2022-10-03 | 7.5 | CVE-2022-38817
microsoft — exchange_server | Microsoft Exchange Server Elevation of Privilege Vulnerability. | 2022-10-03 | 8.8 | CVE-2022-41040
microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability. | 2022-10-03 | 8.8 | CVE-2022-41082
mojoportal — mojoportal | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | 2022-09-30 | 8.8 | CVE-2022-40341
moodle — moodle | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | 2022-09-30 | 9.8 | CVE-2022-40314
moodle — moodle | A limited SQL injection risk was identified in the “browse list of users” site administration page. | 2022-09-30 | 9.8 | CVE-2022-40315
moodle — moodle | Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | 2022-10-06 | 8.8 | CVE-2022-2986
moodle — moodle | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 2022-09-30 | 7.1 | CVE-2022-40313
mybb — mybb | MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP’s mail() function mail_parameters setting value, in connection with the configured mail program’s options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-10-06 | 7.2 | CVE-2022-39265
najeebmedia — frontend_file_manager | The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE. | 2022-10-03 | 8.8 | CVE-2022-3125
nedi — nedi | In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=. | 2022-10-06 | 9.1 | CVE-2022-40895
octopus — octopus_server | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 2022-09-30 | 9.8 | CVE-2022-2778
omron — cx-programmer | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | 2022-10-06 | 9.8 | CVE-2022-3396
omron — cx-programmer | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | 2022-10-06 | 9.8 | CVE-2022-3397
omron — cx-programmer | OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | 2022-10-06 | 9.8 | CVE-2022-3398
CONFIRM online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-07 7.2 CVE-2022-41512
MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. 2022-10-07 7.2 CVE-2022-41513
MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. 2022-10-07 7.2 CVE-2022-42073
MISC online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. 2022-10-07 7.2 CVE-2022-42074
MISC online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. 2022-10-06 7.2 CVE-2022-41355
MISC online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. 2022-10-07 7.2 CVE-2022-41377
MISC online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. 2022-10-07 7.2 CVE-2022-41378
MISC open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. 2022-10-07 7.2 CVE-2022-41514
MISC open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. 2022-10-07 7.2 CVE-2022-41515
MISC orchest — orchest ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user’s account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io 2022-09-30 8.1 CVE-2022-39268
MISC
MISC
MISC
CONFIRM phpipam — phpipam phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. 2022-10-03 9.8 CVE-2022-41443
MISC pjsip — pjsip PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-06 9.8 CVE-2022-39244
MISC
pjsip — pjsip | PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. | 2022-10-06 | 9.1 | CVE-2022-39269
pyup — dependency_parser | dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service. All users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`; all users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. | 2022-10-06 | 7.5 | CVE-2022-39280
realvnc — vnc_server | RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | 2022-09-30 | 7.8 | CVE-2022-41975
samsung — factorycamera | Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary files with FactoryCamera privilege. | 2022-10-07 | 7.8 | CVE-2022-39858
semtech — loramac-node | LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to a 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user-controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1, which results in a 65280-byte out-of-bounds memcopy, likely with partially attacker-controlled data. Corrupting a large part of the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash, the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`. | 2022-10-06 | 9.8 | CVE-2022-39274
simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. | 2022-10-06 | 7.2 | CVE-2022-42241
simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. | 2022-10-06 | 7.2 | CVE-2022-42242
simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. | 2022-10-06 | 7.2 | CVE-2022-42243
simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. | 2022-10-06 | 7.2 | CVE-2022-42249
simple_cold_storage_management_system_project — simple_cold_storage_management_system | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. | 2022-10-06 | 7.2 | CVE-2022-42250
simple_e-learning_system_project — simple_e-learning_system | An SQL injection vulnerability was discovered in Sourcecodester Simple E-Learning System 1.0, in the classCode parameter of /vcs/classRoom.php?classCode=. | 2022-10-07 | 9.8 | CVE-2022-40872
snyk — cli | Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957. | 2022-10-03 | 7.8 | CVE-2022-40764
solarwinds — orion_platform | A component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution. | 2022-09-30 | 8.8 | CVE-2022-36961
sonicjs — sonicjs | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | 2022-10-01 | 9.1 | CVE-2022-42002
swmansion — react_native_reanimated | Versions of the package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the parser of Colors.js. | 2022-09-30 | 7.5 | CVE-2022-24373
sylabs — singularity_image_format | sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. | 2022-10-06 | 9.8 | CVE-2022-39237
tooljet — tooljet | Account Takeover :: when I see the info I can see the hash pass, I can crack it …………… Account Takeover :: when I see the info I can see the forgot_password_token, the hacker can send the request and change the pass | 2022-10-07 | 7.5 | CVE-2022-3422
veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. | 2022-10-03 | 9.8 | CVE-2022-42302
veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. | 2022-10-03 | 9.8 | CVE-2022-42303
veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. | 2022-10-03 | 9.8 | CVE-2022-42304
veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. | 2022-10-03 | 9.8 | CVE-2022-42307
veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | 2022-10-03 | 8.8 | CVE-2022-42301
veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. | 2022-10-03 | 7.5 | CVE-2022-42299
veritas — netbackup | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | 2022-10-03 | 7.5 | CVE-2022-42305
veritas — netbackup | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. | 2022-10-03 | 7.1 | CVE-2022-42308
vmware — rabbitmq | RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed, and patched versions `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins. | 2022-10-06 | 7.5 | CVE-2022-31008
web-based_student_clearance_system_project — web-based_student_clearance_system | A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210246 is the identifier assigned to this vulnerability. | 2022-10-07 | 9.8 | CVE-2022-3414