US-CERT Bulletin (SB22-346):Vulnerability Summary for the Week of December 5, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
activerecord_project — activerecord A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. 2022-12-05 9.8 CVE-2022-32224
MISC
MISC
algan — prens_student_information_system Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. 2022-12-02 9.8 CVE-2022-2807
CONFIRM
algan — prens_student_information_system Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. 2022-12-02 8.8 CVE-2022-2808
CONFIRM
amentotech — workreap The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it’s possible to read any user’s notification (employer or freelancer) as the notification ID is brute-forceable. 2022-12-05 7.5 CVE-2022-3846
MISC
ami — megarac_sp-x MegaRAC Default Credentials Vulnerability 2022-12-05 9.8 CVE-2022-40242
MISC
ami — megarac_sp-x AMI MegaRAC Redfish Arbitrary Code Execution 2022-12-05 9.8 CVE-2022-40259
MISC
ami — megarac_sp-x AMI MegaRAC User Enumeration Vulnerability 2022-12-05 7.5 CVE-2022-2827
MISC
apache — camel The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4. 2022-12-05 9.8 CVE-2022-45046
CONFIRM
MLIST
apache — tapestry ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry. 2022-12-02 9.8 CVE-2022-46366
CONFIRM
MLIST
MISC
avast — avast A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. 2022-12-06 8.8 CVE-2022-4173
MISC
ayacms_project — ayacms AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). 2022-12-07 9.8 CVE-2022-45550
MISC
MISC
ayacms_project — ayacms AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. 2022-12-06 8.8 CVE-2022-45548
MISC
background_management_system_project — background_management_system A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4277
N/A
N/A
beappsmobile — pc_keyboard_wifi\&bluetooth PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45479
MISC
cacti — cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device – Uptime` or `Device – Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_…` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch. 2022-12-05 9.8 CVE-2022-46169
MISC
MISC
MISC
MISC
casbin — casdoor Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. 2022-12-07 8.1 CVE-2022-44942
MISC
clastix — capsule Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available. 2022-12-02 8.8 CVE-2022-46167
MISC
MISC
MISC
MISC
clerk — clerk.io The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. 2022-12-05 7.5 CVE-2022-3907
MISC
concretecms — concrete_cms ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder “3”. 2022-12-05 7.5 CVE-2022-46464
MISC
craftcms — craft_cms All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users’ password hash in a masked manner, which can be decoded by using public functions of the YII framework. 2022-12-05 7.5 CVE-2022-37783
MISC
cybozu — cybozu_remote_service Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. 2022-12-07 7.5 CVE-2022-44608
MISC
MISC
d-link — dhp-w310av_firmware D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. 2022-12-02 9.8 CVE-2022-44930
MISC
d-link — dvg-g5402sp_firmware D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. 2022-12-02 9.8 CVE-2022-44928
MISC
d-link — dvg-g5402sp_firmware An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. 2022-12-02 9.8 CVE-2022-44929
MISC
dottech — smart_campus_system A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability. 2022-12-03 7.5 CVE-2022-4280
N/A
N/A
duxcms_project — duxcms A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116. 2022-12-08 8 CVE-2020-36610
MISC
MISC
elbtide — advanced_booking_calendar Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. 2022-12-05 9.8 CVE-2022-45822
MISC
f5 — big-iq_centralized_management In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-12-07 8.8 CVE-2022-41622
MISC
facepay_project — facepay A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. 2022-12-05 8.8 CVE-2022-4281
N/A
force1rc — discovery_wifi_u818a_hd\+_fpv_firmware Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368 2022-12-06 9.8 CVE-2022-40918
MISC
MISC
fortinet — fortiadc An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. 2022-12-06 8.8 CVE-2022-33875
MISC
fortinet — fortideceptor An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. 2022-12-06 7.5 CVE-2022-30305
MISC
fortinet — fortiproxy An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. 2022-12-06 9.8 CVE-2022-35843
MISC
franklinfueling — colibri_firmware Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). ¶¶ An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of “fopen” system function with the mode “wb” which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password. 2022-12-05 9.8 CVE-2022-44039
MISC
fsi — fs040u_firmware Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user’s unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. 2022-12-05 7.3 CVE-2022-43470
MISC
MISC
MISC
MISC
MISC
galaxyproject — galaxy Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy’s internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability. 2022-12-06 7.5 CVE-2022-23470
MISC
MISC
ge — cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2002
MISC
ge — cimplicity GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2948
MISC
ge — cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2952
MISC
ge — cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. 2022-12-08 7.8 CVE-2022-3084
MISC
ge — cimplicity GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. 2022-12-08 7.8 CVE-2022-3092
MISC
gitpython_project — gitpython All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. 2022-12-06 9.8 CVE-2022-24439
CONFIRM
CONFIRM
goauthentik — authentik authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`. 2022-12-02 9.8 CVE-2022-46145
MISC
MISC
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39090
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39091
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39092
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39093
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39094
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39095
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39096
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39097
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39098
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39099
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39100
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39101
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39102
MISC
google — android In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42776
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42777
MISC
google — android In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42778
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-12-02 8.8 CVE-2022-4262
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. 2022-12-06 9.1 CVE-2022-41902
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. 2022-12-06 9.1 CVE-2022-41910
MISC
CONFIRM
MISC
gpac — gpac GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. 2022-12-06 7.8 CVE-2022-45283
MISC
hasura — graphql_engine Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.) 2022-12-08 8.8 CVE-2022-46792
MISC
MISC
MISC
haxx — curl When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. 2022-12-05 9.8 CVE-2022-32221
MISC
hope-boot_project — hope-boot hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). 2022-12-07 9.8 CVE-2022-44371
MISC
hornerautomation — rcc972_firmware Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. 2022-12-02 9.8 CVE-2022-2641
MISC
hornerautomation — rcc972_firmware The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). 2022-12-02 7.5 CVE-2022-2640
MISC
hornerautomation — rcc972_firmware Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device. 2022-12-02 7.5 CVE-2022-2642
MISC
house_rental_system_project — house_rental_system A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4274
N/A
N/A
house_rental_system_project — house_rental_system A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. 2022-12-03 9.8 CVE-2022-4275
N/A
N/A
house_rental_system_project — house_rental_system A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. 2022-12-03 9.8 CVE-2022-4276
N/A
N/A
human_resource_management_system_project — human_resource_management_system A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4273
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. 2022-12-03 7.2 CVE-2022-4278
N/A
N/A
ibm — content_navigator IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. 2022-12-07 8.8 CVE-2022-43581
MISC
MISC
ibm — spectrum_scale_container_native_storage_access IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. 2022-12-06 7.8 CVE-2022-43867
MISC
MISC
ibm — sterling_secure_proxy IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. 2022-12-06 7.5 CVE-2022-34361
MISC
MISC
ilias — ilias ILIAS before 7.16 allows OS Command Injection. 2022-12-07 8.8 CVE-2022-45915
MISC
FULLDISC
MISC
inksplat — comic_book_management_system The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 2022-12-05 7.2 CVE-2022-3856
MISC
MISC
ivanti — endpoint_manager A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. 2022-12-05 9.8 CVE-2022-27773
MISC
ivanti — endpoint_manager XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. 2022-12-05 7.8 CVE-2022-35259
MISC
joinmastodon — mastodon Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. 2022-12-04 7.5 CVE-2022-46405
MISC
MISC
jrecms — springbootcms A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability. 2022-12-05 7.2 CVE-2022-4282
MISC
MISC
kodcloud — kodexplorer Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. 2022-12-06 7.5 CVE-2022-46154
MISC
MISC
kujirahand — nadesiko3 OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. 2022-12-05 9.8 CVE-2022-41642
MISC
MISC
MISC
lazy_mouse_project — lazy_mouse Lazy Mouse server enforces weak password requirements and doesn’t implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-02 9.8 CVE-2022-45482
MISC
lzmouse — lazy_mouse The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45481
MISC
maku — maku-boot A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. 2022-12-07 7.2 CVE-2022-4322
N/A
N/A
N/A
markdown_preview_enhanced_project — markdown_preview_enhanced Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. 2022-12-07 9.8 CVE-2022-45025
MISC
markdown_preview_enhanced_project — markdown_preview_enhanced An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. 2022-12-07 9.8 CVE-2022-45026
MISC
mikrotik — routeros Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. 2022-12-05 9.8 CVE-2022-45313
MISC
mikrotik — routeros Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. 2022-12-05 9.8 CVE-2022-45315
MISC
mobatek — mobaxterm When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used. 2022-12-06 9.1 CVE-2022-38337
MISC
MISC
mobatek — mobaxterm An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. 2022-12-06 8.1 CVE-2022-38336
MISC
moxa — uc-8580-t-lx_firmware Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. 2022-12-02 7.6 CVE-2022-3086
MISC
nadesiko3_project — nadesiko3 OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. 2022-12-05 9.8 CVE-2022-42496
MISC
MISC
MISC
nadesiko3_project — nadesiko3 Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. 2022-12-05 7.5 CVE-2022-41777
MISC
MISC
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23468
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23477
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23478
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23479
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23480
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23484
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23481
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23482
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23483
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23493
MISC
nodebb — nodebb NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit. 2022-12-05 9.8 CVE-2022-46164
MISC
MISC
nodejs — node.js The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. 2022-12-05 9.8 CVE-2022-35256
MISC
nodejs — node.js A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. 2022-12-05 9.1 CVE-2022-35255
MISC
nodejs — node.js A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. 2022-12-05 8.1 CVE-2022-43548
MISC
nokogiri — nokogiri Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. 2022-12-08 7.5 CVE-2022-23476
MISC
MISC
MISC
nttdata — terasoluna_server_framework_for_java_\(rich\) TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. 2022-12-05 7.8 CVE-2022-43484
MISC
MISC
MISC
offis — dcmtk DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. 2022-12-02 7.5 CVE-2022-43272
MISC
MISC
omron — cx-programmer Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43508
MISC
MISC
omron — cx-programmer Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43509
MISC
MISC
omron — cx-programmer Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43667
MISC
MISC
online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-12-07 7.2 CVE-2022-45009
MISC
paddlepaddle — paddlepaddle Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. 2022-12-07 9.8 CVE-2022-46742
MISC
paddlepaddle — paddlepaddle Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. 2022-12-07 9.1 CVE-2022-46741
MISC
passeo_project — passeo Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-12-06 7.5 CVE-2022-23472
MISC
MISC
MISC
pdfmake_project — pdfmake pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input. 2022-12-06 9.8 CVE-2022-46161
MISC
MISC
postmagthemes — postmagthemes_demo_import The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE. 2022-12-05 7.2 CVE-2022-1540
MISC
premio — chaty The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. 2022-12-05 7.2 CVE-2022-3858
MISC
proofpoint — enterprise_protection The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. 2022-12-06 9.6 CVE-2022-46332
MISC
proofpoint — enterprise_protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. 2022-12-06 7.2 CVE-2022-46333
MISC
protocol — libp2p libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/. 2022-12-07 7.5 CVE-2022-23486
MISC
protocol — libp2p js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability. 2022-12-07 7.5 CVE-2022-23487
MISC
protocol — libp2p go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (dos) mitigation page for more information on how to incorporate mitigation strategies, monitor your application, and respond to attacks. 2022-12-08 7.5 CVE-2022-23492
MISC
MISC
MISC
proxmox — proxmox_mail_gateway Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the [email protected] account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3. 2022-12-04 9.8 CVE-2022-35508
MISC
MISC
MISC
MISC
proxmox — proxmox_mail_gateway A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim’s browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3. 2022-12-04 7.1 CVE-2022-35507
MISC
MISC
pulsesecure — pulse_connect_secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. 2022-12-05 7.5 CVE-2022-35254
MISC
pulsesecure — pulse_connect_secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. 2022-12-05 7.5 CVE-2022-35258
MISC
pwndoc_project — pwndoc An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. 2022-12-05 8.8 CVE-2022-45771
MISC
MISC
py7zr_project — py7zr A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. 2022-12-06 9.1 CVE-2022-44900
MISC
MISC
MISC
quarkus — quarkus Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request. 2022-12-06 9.8 CVE-2022-4147
MISC
rack_project — rack A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. 2022-12-05 10 CVE-2022-30123
MISC
rack_project — rack A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. 2022-12-05 7.5 CVE-2022-30122
MISC
rackn — digital_rebar RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. 2022-12-06 9.8 CVE-2022-46383
MISC
MISC
rackn — digital_rebar RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. 2022-12-06 8.8 CVE-2022-46382
MISC
redmine — redmine Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user. 2022-12-06 7.5 CVE-2022-44030
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. 2022-12-02 9.8 CVE-2022-44945
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2022-12-05 8.8 CVE-2022-45020
MISC
samsung — exynos_firmware Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. 2022-12-08 7.5 CVE-2022-39902
MISC
sangoma — asterisk In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. 2022-12-05 7.5 CVE-2022-37325
MISC
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. 2022-12-07 7.2 CVE-2022-44393
MISC
seagate — stcg2000300_firmware The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the “start” state and sending a check_device_name request. 2022-12-06 9.8 CVE-2020-6627
MISC
MISC
MISC
secomea — gatemanager Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. 2022-12-06 7.2 CVE-2022-38123
MISC
simple-git_project — simple-git The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). 2022-12-06 9.8 CVE-2022-25912
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
simple_phone_book\/directory_web_app_project — simple_phone_book\/directory_web_app Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. 2022-12-07 9.8 CVE-2022-45010
MISC
skycaiji — skycaiji Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. 2022-12-07 9.8 CVE-2022-44351
MISC
slims — senayan_library_management_system SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. 2022-12-05 7.5 CVE-2022-45019
MISC
stackstorm — stackstorm Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn’t check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information. 2022-12-06 7.5 CVE-2022-44009
MISC
swiftterm_project — swiftterm SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available. 2022-12-02 7.8 CVE-2022-23465
MISC
MISC
syncee — syncee_-_global_dropshipping The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator’s account. 2022-12-05 7.5 CVE-2022-3694
MISC
telepad-app — telepad Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45477
MISC
telos — omnia_mpx_node_firmware Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access. 2022-12-02 8.8 CVE-2022-45562
MISC
telosalliance — omnia_mpx_node_firmware An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* – 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. 2022-12-02 9.8 CVE-2022-43325
MISC
tenda — a18_firmware Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. 2022-12-08 7.5 CVE-2022-44931
MISC
tenda — a18_firmware An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. 2022-12-08 7.5 CVE-2022-44932
MISC
tenda — ac6_firmware Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. 2022-12-02 7.5 CVE-2022-45641
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. 2022-12-02 9.8 CVE-2022-44362
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. 2022-12-02 9.8 CVE-2022-44363
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. 2022-12-02 9.8 CVE-2022-44365
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. 2022-12-02 9.8 CVE-2022-44366
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. 2022-12-02 9.8 CVE-2022-44367
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. 2022-12-02 7.5 CVE-2022-45663
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. 2022-12-02 7.5 CVE-2022-45664
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. 2022-12-02 7.5 CVE-2022-45669
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. 2022-12-02 7.5 CVE-2022-45670
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. 2022-12-02 7.5 CVE-2022-45671
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. 2022-12-02 7.5 CVE-2022-45672
MISC
tenda — w30e_firmware Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. 2022-12-08 9.8 CVE-2022-45506
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. 2022-12-08 7.5 CVE-2022-45505
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. 2022-12-08 7.5 CVE-2022-45507
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. 2022-12-08 7.5 CVE-2022-45508
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. 2022-12-08 7.5 CVE-2022-45509
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. 2022-12-08 7.5 CVE-2022-45510
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. 2022-12-08 7.5 CVE-2022-45511
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. 2022-12-08 7.5 CVE-2022-45512
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. 2022-12-08 7.5 CVE-2022-45513
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. 2022-12-08 7.5 CVE-2022-45514
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. 2022-12-08 7.5 CVE-2022-45515
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. 2022-12-08 7.5 CVE-2022-45516
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. 2022-12-08 7.5 CVE-2022-45517
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. 2022-12-08 7.5 CVE-2022-45518
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. 2022-12-08 7.5 CVE-2022-45519
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. 2022-12-08 7.5 CVE-2022-45520
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. 2022-12-08 7.5 CVE-2022-45521
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. 2022-12-08 7.5 CVE-2022-45522
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. 2022-12-08 7.5 CVE-2022-45523
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. 2022-12-08 7.5 CVE-2022-45524
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. 2022-12-08 7.5 CVE-2022-45525
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. 2022-12-08 9.8 CVE-2022-45497
MISC
tenda — w6-s_firmware An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. 2022-12-08 7.5 CVE-2022-45498
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. 2022-12-08 7.5 CVE-2022-45499
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. 2022-12-08 7.5 CVE-2022-45501
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. 2022-12-08 7.5 CVE-2022-45503
MISC
tenda — w6-s_firmware An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. 2022-12-08 7.5 CVE-2022-45504
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. 2022-12-02 7.5 CVE-2022-45643
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45644
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. 2022-12-02 7.5 CVE-2022-45645
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45646
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45647
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. 2022-12-02 7.5 CVE-2022-45648
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. 2022-12-02 7.5 CVE-2022-45649
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. 2022-12-02 7.5 CVE-2022-45650
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. 2022-12-02 7.5 CVE-2022-45651
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. 2022-12-02 7.5 CVE-2022-45652
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. 2022-12-02 7.5 CVE-2022-45653
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. 2022-12-02 7.5 CVE-2022-45654
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. 2022-12-02 7.5 CVE-2022-45655
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. 2022-12-02 7.5 CVE-2022-45656
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. 2022-12-02 7.5 CVE-2022-45657
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. 2022-12-02 7.5 CVE-2022-45658
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. 2022-12-02 7.5 CVE-2022-45659
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. 2022-12-02 7.5 CVE-2022-45660
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. 2022-12-02 7.5 CVE-2022-45661
MISC
thinkphp — thinkphp Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. 2022-12-06 8.8 CVE-2022-44289
MISC
tibco — nimbus The Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: version 10.5.0. 2022-12-06 9.3 CVE-2022-41559
CONFIRM
ui — edgemax_edgerouter_firmware A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later. 2022-12-05 8.8 CVE-2022-43553
MISC
unimo — udr-ja1604_firmware Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71×10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-43464
MISC
MISC
unimo — udr-ja1604_firmware OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71×10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-44606
MISC
MISC
unimo — udr-ja1604_firmware Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71×10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-44620
MISC
MISC
veeam — veeam_backup_for_google_cloud Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. 2022-12-05 9.8 CVE-2022-43549
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. 2022-12-04 9.8 CVE-2022-46414
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. 2022-12-04 8.8 CVE-2022-46410
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. 2022-12-04 8.8 CVE-2022-46411
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands. 2022-12-04 8.8 CVE-2022-46412
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. 2022-12-04 8.8 CVE-2022-46413
MISC
videolan — vlc_media_player An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. 2022-12-06 7.8 CVE-2022-41325
MISC
MISC
MISC
DEBIAN
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. 2022-12-03 9.8 CVE-2022-3491
CONFIRM
MISC
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. 2022-12-02 9.8 CVE-2022-3520
MISC
CONFIRM
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0789. 2022-12-02 7.8 CVE-2022-3591
MISC
CONFIRM
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0882. 2022-12-05 7.8 CVE-2022-4292
CONFIRM
MISC
warehouse_management_system_project — warehouse_management_system A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. 2022-12-03 9.8 CVE-2022-4272
MISC
MISC
webtareas_project — webtareas webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. 2022-12-02 9.8 CVE-2022-44290
MISC
MISC
webtareas_project — webtareas webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. 2022-12-02 9.8 CVE-2022-44291
MISC
MISC
wordpress_popular_posts_project — wordpress_popular_posts External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. 2022-12-07 7.5 CVE-2022-43468
MISC
MISC
MISC
wp-ecommerce — easy_wp_smtp Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. 2022-12-06 8.8 CVE-2022-42699
MISC
wp-ecommerce — easy_wp_smtp Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. 2022-12-06 8.1 CVE-2022-45829
MISC
wp_csv_exporter_project — wp_csv_exporter The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks 2022-12-05 7.2 CVE-2022-3249
MISC
xjd2020 — fastcms A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. 2022-12-06 8.8 CVE-2022-4300
N/A
N/A
MISC
yithemes — yith_woocommerce_gift_cards Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. 2022-12-06 9.8 CVE-2022-45359
MISC
zabbix — frontend Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range. 2022-12-05 9.8 CVE-2022-43515
MISC
zabbix — zabbix A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) 2022-12-05 9.8 CVE-2022-43516
MISC
zimbra — collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution. 2022-12-05 7.2 CVE-2022-45912
MISC
zkteco — zktime A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. 2022-12-06 7.5 CVE-2021-39434
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
2kblater — 2kb_amazon_affiliates_store Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. 2022-12-04 6.1 CVE-2022-40968
MISC
add_comments_project — add_comments The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3909
MISC
addonspress — advanced_import The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks 2022-12-05 6.5 CVE-2022-3677
MISC
advanced_wp_columns_project — advanced_wp_columns The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3426
MISC
apache — commons_net Prior to Apache Commons Net 3.9.0, Net’s FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. 2022-12-03 6.5 CVE-2021-37533
CONFIRM
MLIST
auto\/taxi_stand_management_system_project — auto\/taxi_stand_management_system AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php. 2022-12-06 6.1 CVE-2022-43369
MISC
MISC
awstats — awstats AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. 2022-12-04 6.1 CVE-2022-46391
MISC
MLIST
bd — bodyguard_999-603_firmware The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. 2022-12-05 5.3 CVE-2022-43557
MISC
beappsmobile — pc_keyboard_wifi_\&_bluetooth PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2022-12-02 5.9 CVE-2022-45480
MISC
beetl-bbs_project — beetl-bbs A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107. 2022-12-08 5.4 CVE-2022-4347
N/A
N/A
book_store_management_system_project — book_store_management_system A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. 2022-12-02 5.4 CVE-2022-45215
MISC
MISC
book_store_management_system_project — book_store_management_system A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. 2022-12-07 5.4 CVE-2022-45217
MISC
MISC
clicshopping — clicshopping_v3 A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. 2022-12-05 6.1 CVE-2022-45769
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3. 2022-12-05 6.1 CVE-2022-43556
MISC
MISC
MISC
contest-gallery — contest_gallery Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. 2022-12-06 6.1 CVE-2022-45848
MISC
crowdstrike — falcon CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.) 2022-12-04 4.9 CVE-2022-44721
MISC
dev4press — gd_bbpress_attachments Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress. 2022-12-06 5.4 CVE-2022-45816
MISC
discourse — discourse Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. 2022-12-02 4.3 CVE-2022-46159
MISC
MISC
duxcms_project — duxcms A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115. 2022-12-08 5.4 CVE-2020-36609
MISC
MISC
ecommerce-website_project — ecommerce-website A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. 2022-12-05 6.1 CVE-2022-45990
MISC
elbtide — advanced_booking_calendar Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. 2022-12-05 6.5 CVE-2022-45824
MISC
enhancesoft — osticket Cross-site Scripting (XSS) – Reflected in GitHub repository osticket/osticket prior to 1.16.4. 2022-12-02 5.4 CVE-2022-4271
CONFIRM
MISC
fortinet — fortiadc Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. 2022-12-06 6.5 CVE-2022-33876
MISC
fortinet — fortios A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiOS 6.0.7 – 6.0.15, 6.2.2 – 6.2.12, 6.4.0 – 6.4.9 and 7.0.0 – 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages. 2022-12-06 5.4 CVE-2022-40680
MISC
fortinet — fortisoar Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. 2022-12-06 5.4 CVE-2022-38379
MISC
fsi — fs040u_firmware Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console. 2022-12-05 4.6 CVE-2022-43442
MISC
MISC
MISC
MISC
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207. 2022-12-05 6.7 CVE-2022-32594
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213. 2022-12-05 6.7 CVE-2022-32596
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. 2022-12-05 6.7 CVE-2022-32597
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. 2022-12-05 6.7 CVE-2022-32598
MISC
google — android In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659. 2022-12-05 6.7 CVE-2022-32619
MISC
google — android In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753. 2022-12-05 6.7 CVE-2022-32620
MISC
google — android In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786. 2022-12-05 6.7 CVE-2022-32622
MISC
google — android In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923. 2022-12-05 6.7 CVE-2022-32624
MISC
google — android In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. 2022-12-05 6.7 CVE-2022-32625
MISC
google — android In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239. 2022-12-05 6.7 CVE-2022-32626
MISC
google — android In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780. 2022-12-05 6.7 CVE-2022-32628
MISC
google — android In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774. 2022-12-05 6.7 CVE-2022-32629
MISC
google — android In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966. 2022-12-05 6.7 CVE-2022-32630
MISC
google — android In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613. 2022-12-05 6.7 CVE-2022-32631
MISC
google — android In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID: ALPS07441630. 2022-12-05 6.7 CVE-2022-32632
MISC
google — android In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07441637. 2022-12-05 6.7 CVE-2022-32633
MISC
google — android In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID: ALPS07138646. 2022-12-05 6.7 CVE-2022-32634
MISC
google — android In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829. 2022-12-05 6.4 CVE-2022-32621
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39106
MISC
google — android In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39129
MISC
google — android In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39130
MISC
google — android In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39131
MISC
google — android In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39132
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-39133
MISC
google — android Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. 2022-12-08 5.5 CVE-2022-39897
MISC
google — android Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent. 2022-12-08 5.5 CVE-2022-39905
MISC
google — android In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-42754
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42755
MISC
google — android In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-42756
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42759
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42760
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42761
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42762
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42763
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42764
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42765
MISC
google — android In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. 2022-12-06 5.5 CVE-2022-42766
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42772
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42773
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42774
MISC
google — android In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-42775
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42779
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42780
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42781
MISC
google — android In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. 2022-12-06 5.5 CVE-2022-42782
MISC
google — android In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. 2022-12-06 4.7 CVE-2022-39134
MISC
google — android In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. 2022-12-06 4.7 CVE-2022-42770
MISC
google — android In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. 2022-12-06 4.7 CVE-2022-42771
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 4.3 CVE-2022-42768
MISC
haxx — curl curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. 2022-12-05 6.5 CVE-2022-35260
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776. 2022-12-03 6.1 CVE-2022-4279
N/A
N/A
ibm — business_automation_workflow IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. 2022-12-07 6.1 CVE-2022-41735
MISC
MISC
ilias — ilias ILIAS before 7.16 allows External Control of File Name or Path. 2022-12-07 6.5 CVE-2022-45918
MISC
FULLDISC
MISC
ilias — ilias ILIAS before 7.16 has an Open Redirect. 2022-12-07 6.1 CVE-2022-45917
MISC
FULLDISC
MISC
ilias — ilias ILIAS before 7.16 allows XSS. 2022-12-07 5.4 CVE-2022-45916
MISC
FULLDISC
MISC
ivanti — endpoint_manager ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. 2022-12-05 6.5 CVE-2022-23143
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘datef’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4208
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pointsf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4209
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dnf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4210
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ’emailf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4211
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ipf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4212
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4213
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ip’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4214
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘date’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4215
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘facebook_appid’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2022-12-02 4.8 CVE-2022-4216
MISC
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2022-12-02 4.8 CVE-2022-4217
MISC
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-12-02 4.3 CVE-2022-4218
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-12-02 4.3 CVE-2022-4219
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-12-02 4.3 CVE-2022-4220
MISC
MISC
MISC
MISC
kwoksys — information_server An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. 2022-12-06 4.9 CVE-2022-45326
MISC
MISC
kyocera — taskalfa_7550ci_firmware Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. 2022-12-05 6.5 CVE-2022-41798
MISC
MISC
MISC
kyocera — taskalfa_7550ci_firmware Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. 2022-12-05 6.5 CVE-2022-41807
MISC
MISC
MISC
kyocera — taskalfa_7550ci_firmware Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. 2022-12-05 4.8 CVE-2022-41830
MISC
MISC
MISC
lazy_mouse_project — lazy_mouse Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2022-12-02 5.9 CVE-2022-45483
MISC
linux — linux_kernel A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action “mirred”) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. 2022-12-05 5.5 CVE-2022-4269
MISC
mingsoft — mcms A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112. 2022-12-08 6.1 CVE-2022-4350
MISC
MISC
oceanwp — sticky_header Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress. 2022-12-04 6.5 CVE-2022-35730
MISC
online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module. 2022-12-07 4.8 CVE-2022-45008
MISC
openrazer_project — openrazer OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices. 2022-12-05 4.6 CVE-2022-23467
MISC
MISC
pinterest — querybook Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy. 2022-12-06 6.1 CVE-2022-46151
MISC
MISC
pwn_project — pwn A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. 2022-12-08 6.8 CVE-2022-4349
N/A
N/A
rapidscada — rapid_scada Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). 2022-12-07 6.1 CVE-2022-44153
MISC
ricoh — aficio_sp_4210n_firmware Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-07 4.8 CVE-2022-37406
MISC
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. 2022-12-02 5.4 CVE-2022-44944
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. 2022-12-02 5.4 CVE-2022-44946
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44947
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44948
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. 2022-12-02 5.4 CVE-2022-44949
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44950
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44951
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44952
MISC
MISC
ruoyi — ruoyi-cloud A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108. 2022-12-08 6.1 CVE-2022-4348
N/A
N/A
salonbookingsystem — salon_booking_system Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. 2022-12-05 6.1 CVE-2022-43487
MISC
MISC
MISC
sangoma — asterisk An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. 2022-12-05 4.9 CVE-2022-42706
MISC
sangoma — certified_asterisk A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. 2022-12-05 6.5 CVE-2022-42705
MISC
ss-proj — shirasagi Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. 2022-12-05 6.1 CVE-2022-43479
MISC
MISC
MISC
MISC
ss-proj — shirasagi Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-05 5.4 CVE-2022-43499
MISC
MISC
MISC
MISC
stackstorm — stackstorm Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users. 2022-12-05 5.4 CVE-2022-43706
MISC
telegram — telegram ** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding. 2022-12-06 6.1 CVE-2022-43363
MISC
MISC
telepad-app — telepad Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2022-12-05 5.9 CVE-2022-45478
MISC
teler_project — teler teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed on version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-12-06 5.4 CVE-2022-23466
MISC
MISC
tenda — ac6_firmware Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. 2022-12-02 6.5 CVE-2022-45673
MISC
tenda — ac6_firmware Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-12-02 6.5 CVE-2022-45674
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. 2022-12-02 6.5 CVE-2022-45667
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-12-02 6.5 CVE-2022-45668
MISC
themeum — wp_page_builder The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3830
MISC
tibco — nimbus The Statement Set Upload via the Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: version 10.5.0. 2022-12-06 6.5 CVE-2022-41560
CONFIRM
tomexam — tomexam Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. 2022-12-05 5.4 CVE-2021-34181
MISC
tp-link — re3000_firmware tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product’s OneMesh function. 2022-12-07 5.5 CVE-2022-41783
MISC
MISC
tp-link — tl-wr740n_firmware A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812. 2022-12-06 5.5 CVE-2022-4296
MISC
MISC
user_registration_\&_user_management_system_project — user_registration_\&_user_management_system Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. 2022-12-05 5.4 CVE-2022-43097
MISC
vim — vim Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. 2022-12-05 5.5 CVE-2022-4293
CONFIRM
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44953
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44954
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. 2022-12-02 5.4 CVE-2022-44955
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44956
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44957
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44959
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. 2022-12-02 5.4 CVE-2022-44960
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44961
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. 2022-12-02 5.4 CVE-2022-44962
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script . 2022-12-05 6.1 CVE-2022-43497
MISC
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script . 2022-12-05 6.1 CVE-2022-43500
MISC
MISC
MISC
wordpress — wordpress Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. 2022-12-05 5.3 CVE-2022-43504
MISC
MISC
MISC
wp-ecommerce — easy_wp_smtp Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. 2022-12-06 6.5 CVE-2022-45833
MISC
wp-oauth — wp_oauth_server The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID 2022-12-05 6.5 CVE-2022-3926
MISC
wp-oauth — wp_oauth_server The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-12-05 4.8 CVE-2022-3892
MISC
wpmanage — uji_countdown The Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3837
MISC
wpupper_share_buttons_project — wpupper_share_buttons The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3838
MISC
xylusthemes — wp_smart_import Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. 2022-12-06 6.1 CVE-2022-40209
MISC
zyxel — atp800_firmware A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser. 2022-12-06 6.1 CVE-2022-40603
CONFIRM
zzcms — zzcms An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. 2022-12-07 5.4 CVE-2022-44361
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
google — android Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. 2022-12-08 3.3 CVE-2022-39894
MISC
google — android Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent. 2022-12-08 3.3 CVE-2022-39895
MISC
google — android Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. 2022-12-08 3.3 CVE-2022-39896
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42757
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42758
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42767
MISC
google — android In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42769
MISC
hitachi — jp1\/automatic_operation Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01. 2022-12-06 3.3 CVE-2022-34881
MISC
m-files — m-files_server Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. 2022-12-02 2.6 CVE-2022-4270
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
akeneo_pim — akeneo_pim Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may Replace any reference to `<FilesMatch \.php$>` in their apache httpd configurations with: `<Location “/index.php”>`. 2022-12-09 not yet calculated CVE-2022-46157
MISC
MISC
apache — manifoldcf Improper neutralization of special elements used in an LDAP query (‘LDAP Injection’) vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. 2022-12-07 not yet calculated CVE-2022-45910
MISC
aruba — airwave_management_platform Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. 2022-12-08 not yet calculated CVE-2022-37916
MISC
aruba — airwave_management_platform Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. 2022-12-08 not yet calculated CVE-2022-37917
MISC
aruba — airwave_management_platform Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. 2022-12-08 not yet calculated CVE-2022-37918
MISC
automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. 2022-12-09 not yet calculated CVE-2022-44838
MISC
baota — baota In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. 2022-12-09 not yet calculated CVE-2022-4336
MISC
basercms — basercms Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-07 not yet calculated CVE-2022-41994
MISC
MISC
basercms — basercms Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-07 not yet calculated CVE-2022-42486
MISC
MISC
broadcom — brocade_fabric_os A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. 2022-12-08 not yet calculated CVE-2022-33186
MISC
broadcom — brocade_sannav Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. 2022-12-09 not yet calculated CVE-2022-33187
MISC
broadcom — symantec_messaging_gateway An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column) 2022-12-09 not yet calculated CVE-2022-25629
MISC
broadcom — symantec_messaging_gateway An authenticated user can embed malicious content with XSS into the admin group policy page. 2022-12-09 not yet calculated CVE-2022-25630
MISC
buffalo_inc — multiple_products Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier. 2022-12-07 not yet calculated CVE-2022-39044
MISC
MISC
buffalo_inc — multiple_products Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier. 2022-12-07 not yet calculated CVE-2022-40966
MISC
MISC
buffalo_inc — multiple_products Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier. 2022-12-07 not yet calculated CVE-2022-34840
MISC
MISC
buildah — buildah A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. 2022-12-08 not yet calculated CVE-2022-4122
MISC
MISC
buildah — buildah A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. 2022-12-08 not yet calculated CVE-2022-4123
MISC
canon_medical_informatics — vitrea_vision Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter. 2022-12-09 not yet calculated CVE-2022-38765
MISC
certifi — certifi Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from “TrustCor” from the root store. These are in the process of being removed from Mozilla’s trust store. TrustCor’s root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor’s ownership also operated a business that produced spyware. Conclusions of Mozilla’s investigation can be found in the linked google group discussion. 2022-12-07 not yet calculated CVE-2022-23491
MISC
MISC
chicken — chicken egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. 2022-12-10 not yet calculated CVE-2022-45145
MISC
MISC
MISC
codecentric– spring-boot-admin Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint. 2022-12-09 not yet calculated CVE-2022-46166
MISC
MISC
containerd — containerd containerd is an open source container runtime. A bug was found in containerd’s CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user’s process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd’s CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. 2022-12-07 not yet calculated CVE-2022-23471
MISC
MISC
csliuwy — coder-chain_gdut A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095. 2022-12-07 not yet calculated CVE-2022-4341
N/A
N/A

cube-js — cube-js

cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability. 2022-12-09 not yet calculated CVE-2022-23510
MISC
MISC
MISC

daloradius — daloradius

daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in two parts 1) The CSRF vulnerability can be mitigated by making the daloRadius session cookie to samesite=Lax or by the implimentation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy. 2022-12-06 not yet calculated CVE-2022-23475
MISC
MISC
dhis2 — dhis2-core DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated user to open the malicious file in a browser which would trigger the javascript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. Users unable to upgrade may add the following simple CSP rule in your web proxy to the vulnerable endpoints: `script-src ‘none’`. This workaround will prevent all javascript from running on those endpoints. 2022-12-08 not yet calculated CVE-2022-41947
MISC
MISC
dhis2 — dhis2-core DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied. 2022-12-08 not yet calculated CVE-2022-41948
MISC
dhis2 — dhis2-core DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability. 2022-12-08 not yet calculated CVE-2022-41949
MISC
MISC
f5 — big-ip In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-12-07 not yet calculated CVE-2022-41800
MISC
freshrss — freshrss FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (brypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`. 2022-12-09 not yet calculated CVE-2022-23497
MISC
MISC
MISC
funkwhale — funkwhale User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. 2022-12-09 not yet calculated CVE-2022-45292
MISC
go-merkledag — go-merkledag go-merkledag implements the ‘DAGService’ interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don’t allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Due to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error. This issue has been addressed across a number of pull requests. Users are advised to upgrade to version 0.8.1 for a complete set of fixes. Users unable to upgrade may attempt to mitigate this issue by sanitising inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode` and by sanitising `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input. 2022-12-08 not yet calculated CVE-2022-23495
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
go-standard_library — os/net/http
 
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(“C:/tmp”).Open(“COM1”) opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(“”) has changed. Previously, an empty root was treated equivalently to “/”, so os.DirFS(“”).Open(“tmp”) would open the path “/tmp”. This now returns an error. 2022-12-07 not yet calculated CVE-2022-41720
MISC
MISC
MISC
MISC
go-standard_library/golang — multiple_producst An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. 2022-12-08 not yet calculated CVE-2022-41717
MISC
MISC
MISC
MISC
MISC
ibm — cloud_transformation_advisor IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. 2022-12-09 not yet calculated CVE-2022-41299
MISC
MISC
interspire — email_marketer Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists. 2022-12-09 not yet calculated CVE-2022-44790
MISC
jetbrains — gateway In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. 2022-12-08 not yet calculated CVE-2022-46829
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. 2022-12-08 not yet calculated CVE-2022-46824
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. 2022-12-08 not yet calculated CVE-2022-46825
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. 2022-12-08 not yet calculated CVE-2022-46826
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. 2022-12-08 not yet calculated CVE-2022-46827
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. 2022-12-08 not yet calculated CVE-2022-46828
MISC
jetbrains — teamcity In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. 2022-12-08 not yet calculated CVE-2022-46830
MISC
jetbrains — teamcity In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the “Default Credential Provider Chain” allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. 2022-12-08 not yet calculated CVE-2022-46831
MISC
kbase_doc — kbase_doc Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. 2022-12-09 not yet calculated CVE-2022-45290
MISC
labstack — labstack Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. 2022-12-07 not yet calculated CVE-2020-36565
MISC
MISC
MISC
linux — linux Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). 2022-12-07 not yet calculated CVE-2022-42328
MISC
MLIST
MLIST
MLIST
linux — linux Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). 2022-12-07 not yet calculated CVE-2022-42329
MISC
MLIST
MLIST
MLIST
lirantal — daloradius Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch. 2022-12-08 not yet calculated CVE-2022-4366
CONFIRM
MISC
m-files — web Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. 2022-12-09 not yet calculated CVE-2022-4264
MISC
metinfo — metinfo A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. 2022-12-07 not yet calculated CVE-2022-44849
MISC
micro_focus — operations_bridge_containerized
 
A potential vulnerability has been identified in Micro Focus Operations Bridge – Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11. 2022-12-08 not yet calculated CVE-2022-38754
MISC
MISC
MISC
mingsoft — mcms A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. 2022-12-09 not yet calculated CVE-2022-4375
MISC
MISC
morontt — zend-blog-number-2 A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. 2022-12-10 not yet calculated CVE-2022-4397
N/A
N/A
netgear — nighthawk_rax30 A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. 2022-12-09 not yet calculated CVE-2022-4390
MISC
MISC
nortonlifelock — avast_antivirus The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. 2022-12-08 not yet calculated CVE-2022-4291
MISC
openharmony — openharmony Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. 2022-12-08 not yet calculated CVE-2022-41802
MISC
openharmony — openharmony The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. 2022-12-08 not yet calculated CVE-2022-44455
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. 2022-12-08 not yet calculated CVE-2022-45118
MISC
openharmony — openharmony OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. 2022-12-08 not yet calculated CVE-2022-45877
MISC
pb-cms — pb-cms A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability. 2022-12-08 not yet calculated CVE-2022-4354
MISC
MISC
pb-cms — pb-cms
 
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability. 2022-12-08 not yet calculated CVE-2022-4353
MISC
MISC
perl — perl The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user’s terminal and certain options are set. 2022-12-09 not yet calculated CVE-2022-4170
MISC
MISC
prestashop — prestashop PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue. 2022-12-08 not yet calculated CVE-2022-46158
MISC
MISC
qubes-mirage-firewall — qubes-mirage-firewall qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). 2022-12-07 not yet calculated CVE-2022-46770
MISC
radareorg — radareorg/radare2 Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. 2022-12-10 not yet calculated CVE-2022-4398
MISC
CONFIRM
rapid7 — nexpose_and_insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself. 2022-12-08 not yet calculated CVE-2022-4261
CONFIRM
CONFIRM
CONFIRM
red_hat — openshift Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. 2022-12-09 not yet calculated CVE-2022-3259
MISC
red_hat — openshift The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. 2022-12-08 not yet calculated CVE-2022-3260
MISC
red_hat — openshift A flaw was found in Openshift. A pod with a DNSPolicy of “ClusterFirst” may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability. 2022-12-08 not yet calculated CVE-2022-3262
MISC
reputeinfosystems — armember Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress. 2022-12-06 not yet calculated CVE-2022-42888
MISC
s-cms — s-cms A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. 2022-12-09 not yet calculated CVE-2022-4377
N/A
N/A
samsung — calendar Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. 2022-12-08 not yet calculated CVE-2022-39915
MISC
samsung — decoding_library Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. 2022-12-08 not yet calculated CVE-2022-39907
MISC
samsung — decoding_library TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. 2022-12-08 not yet calculated CVE-2022-39908
MISC
samsung — displaymanagerservice Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. 2022-12-08 not yet calculated CVE-2022-39914
MISC
samsung — exynos_baseband Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. 2022-12-08 not yet calculated CVE-2022-39901
MISC

samsung — gear_iconx_pc_manager

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link. 2022-12-08 not yet calculated CVE-2022-39909
MISC
samsung — iiccphonebook Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. 2022-12-08 not yet calculated CVE-2022-39898
MISC
samsung — nice_catch Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch. 2022-12-08 not yet calculated CVE-2022-39900
MISC
samsung — pass Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. 2022-12-08 not yet calculated CVE-2022-39910
MISC
samsung — pass Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. 2022-12-08 not yet calculated CVE-2022-39911
MISC
samsung — persona_manager Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. 2022-12-08 not yet calculated CVE-2022-39913
MISC
samsung — personamanagerservice Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. 2022-12-08 not yet calculated CVE-2022-39912
MISC
samsung — rcs_call Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. 2022-12-08 not yet calculated CVE-2022-39903
MISC
samsung — sectelephonyprovider Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information. 2022-12-08 not yet calculated CVE-2022-39906
MISC

samsung — settings

Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log. 2022-12-08 not yet calculated CVE-2022-39904
MISC
samsung — windowmanagerservice Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. 2022-12-08 not yet calculated CVE-2022-39899
MISC
secomea — gatemanager A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7. 2022-12-09 not yet calculated CVE-2022-2752
MISC
secustation — multiple_products In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. 2022-12-08 not yet calculated CVE-2022-40939
MISC
MISC
seeddms — seeddms Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. 2022-12-08 not yet calculated CVE-2022-44938
MISC
sentry — sentry
 
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). 2022-12-10 not yet calculated CVE-2022-23485
MISC
shift_tech_inc — bingo!cms Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered. 2022-12-07 not yet calculated CVE-2022-42458
MISC
MISC
six_apart_ltd — movable_type Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of ‘Manage of Content Types’ may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. 2022-12-07 not yet calculated CVE-2022-43660
MISC
MISC
six_apart_ltd — movable_type Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. 2022-12-07 not yet calculated CVE-2022-45113
MISC
MISC
six_apart_ltd — movable_type Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. 2022-12-07 not yet calculated CVE-2022-45122
MISC
MISC
teledyne flir — ax8 A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability. 2022-12-08 not yet calculated CVE-2022-4364
N/A
N/A
teleport — teleport Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. 2022-12-08 not yet calculated CVE-2022-38599
MISC
MISC
ticklishhoneybee — nodau A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252. 2022-12-10 not yet calculated CVE-2022-4399
MISC
MISC
MISC
tinymce — tinymce tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure the the `images_upload_handler` returns a valid value as per the images_upload_handler documentation. 2022-12-08 not yet calculated CVE-2022-23494
MISC
MISC
MISC
MISC
MISC
MISC
traefik — traefik Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`. 2022-12-08 not yet calculated CVE-2022-23469
MISC
MISC
MISC
traefik — traefik Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options. 2022-12-08 not yet calculated CVE-2022-46153
MISC
MISC
MISC
MISC
trendnet — wireless_ac_easy-upgrader_tew-820ap A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. 2022-12-07 not yet calculated CVE-2022-44373
MISC
typora — typora Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. 2022-12-07 not yet calculated CVE-2022-43668
MISC
MISC

western_digital — my_cloud

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. 2022-12-09 not yet calculated CVE-2022-29838
MISC

western_digital — my_cloud

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. 2022-12-09 not yet calculated CVE-2022-29839
MISC
wireshark — wireshark Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows 2022-12-09 not yet calculated CVE-2022-3724
MISC
MISC
CONFIRM
xen_project — xen
 
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. 2022-12-07 not yet calculated CVE-2022-3643
MISC
MLIST
yauaa — yauaa Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library. 2022-12-08 not yet calculated CVE-2022-23496
MISC
MISC
yii — gii Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. 2022-12-09 not yet calculated CVE-2022-34297
MISC
zephyr — zephyr There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. 2022-12-09 not yet calculated CVE-2022-2993
MISC
zkteco — xiamen_information_technology_zkbio_eco_adms ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). 2022-12-09 not yet calculated CVE-2022-44213
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn