US-CERT Bulletin (SB22-346): Vulnerability Summary for the Week of December 5, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
activerecord_project — activerecord A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1, which could allow an attacker who can manipulate data in the database (via means like SQL injection) to escalate to an RCE. 2022-12-05 9.8 CVE-2022-32224
MISC
MISC
algan — prens_student_information_system Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. 2022-12-02 9.8 CVE-2022-2807
CONFIRM
algan — prens_student_information_system Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. 2022-12-02 8.8 CVE-2022-2808
CONFIRM
amentotech — workreap The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it’s possible to read any user’s notification (employer or freelancer) as the notification ID is brute-forceable. 2022-12-05 7.5 CVE-2022-3846
MISC
ami — megarac_sp-x MegaRAC Default Credentials Vulnerability 2022-12-05 9.8 CVE-2022-40242
MISC
ami — megarac_sp-x AMI MegaRAC Redfish Arbitrary Code Execution 2022-12-05 9.8 CVE-2022-40259
MISC
ami — megarac_sp-x AMI MegaRAC User Enumeration Vulnerability 2022-12-05 7.5 CVE-2022-2827
MISC
apache — camel The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4. 2022-12-05 9.8 CVE-2022-45046
CONFIRM
MLIST
apache — tapestry ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry. 2022-12-02 9.8 CVE-2022-46366
CONFIRM
MLIST
MISC
avast — avast A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. 2022-12-06 8.8 CVE-2022-4173
MISC
ayacms_project — ayacms AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). 2022-12-07 9.8 CVE-2022-45550
MISC
MISC
ayacms_project — ayacms AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. 2022-12-06 8.8 CVE-2022-45548
MISC
background_management_system_project — background_management_system A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4277
N/A
N/A
beappsmobile — pc_keyboard_wifi\&bluetooth PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45479
MISC
cacti — cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with a `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a production instance because this action is added by some predefined templates like `Device – Uptime` or `Device – Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_…` `$_SERVER` variables. If these should be kept for compatibility reasons, faking the IP address of the server running Cacti should at least be prevented. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch. 2022-12-05 9.8 CVE-2022-46169
MISC
MISC
MISC
MISC
casbin — casdoor Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. 2022-12-07 8.1 CVE-2022-44942
MISC
clastix — capsule Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available. 2022-12-02 8.8 CVE-2022-46167
MISC
MISC
MISC
MISC
clerk — clerk.io The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. 2022-12-05 7.5 CVE-2022-3907
MISC
concretecms — concrete_cms ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder “3”. 2022-12-05 7.5 CVE-2022-46464
MISC
craftcms — craft_cms All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and an HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash without encoding it whereas the corresponding HTML hidden field discloses the users’ password hash in a masked manner, which can be decoded by using public functions of the YII framework. 2022-12-05 7.5 CVE-2022-37783
MISC
cybozu — cybozu_remote_service Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. 2022-12-07 7.5 CVE-2022-44608
MISC
MISC
d-link — dhp-w310av_firmware D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. 2022-12-02 9.8 CVE-2022-44930
MISC
d-link — dvg-g5402sp_firmware D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. 2022-12-02 9.8 CVE-2022-44928
MISC
d-link — dvg-g5402sp_firmware An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. 2022-12-02 9.8 CVE-2022-44929
MISC
dottech — smart_campus_system A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability. 2022-12-03 7.5 CVE-2022-4280
N/A
N/A
duxcms_project — duxcms A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116. 2022-12-08 8 CVE-2020-36610
MISC
MISC
elbtide — advanced_booking_calendar Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. 2022-12-05 9.8 CVE-2022-45822
MISC
f5 — big-iq_centralized_management In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-12-07 8.8 CVE-2022-41622
MISC
facepay_project — facepay A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. 2022-12-05 8.8 CVE-2022-4281
N/A
force1rc — discovery_wifi_u818a_hd\+_fpv_firmware Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368 2022-12-06 9.8 CVE-2022-40918
MISC
MISC
fortinet — fortiadc An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. 2022-12-06 8.8 CVE-2022-33875
MISC
fortinet — fortideceptor An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. 2022-12-06 7.5 CVE-2022-30305
MISC
fortinet — fortiproxy An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. 2022-12-06 9.8 CVE-2022-35843
MISC
franklinfueling — colibri_firmware Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like [system.conf] and [passwd]; this occurs because of the insecure usage of the “fopen” system function with the mode “wb”, which allows overwriting a file if it exists. Overwriting files such as passwd allows an attacker to escalate his privileges by planting a backdoor user with root privilege or changing the root password. 2022-12-05 9.8 CVE-2022-44039
MISC
fsi — fs040u_firmware Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user’s unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. 2022-12-05 7.3 CVE-2022-43470
MISC
MISC
MISC
MISC
MISC
galaxyproject — galaxy Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy’s internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability. 2022-12-06 7.5 CVE-2022-23470
MISC
MISC
ge — cimplicity GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2002
MISC
ge — cimplicity GE CIMPLICITY versions 2022 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2948
MISC
ge — cimplicity GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2952
MISC
ge — cimplicity GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. 2022-12-08 7.8 CVE-2022-3084
MISC
ge — cimplicity GE CIMPLICITY versions 2022 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. 2022-12-08 7.8 CVE-2022-3092
MISC
gitpython_project — gitpython All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. 2022-12-06 9.8 CVE-2022-24439
CONFIRM
CONFIRM
goauthentik — authentik authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow` flow with the contents `return request.user.is_authenticated`. 2022-12-02 9.8 CVE-2022-46145
MISC
MISC
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39090
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39091
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39092
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39093
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39094
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39095
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39096
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39097
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39098
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39099
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39100
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39101
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39102
MISC
google — android In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42776
MISC
google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42777
MISC
google — android In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42778
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-12-02 8.8 CVE-2022-4262
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. 2022-12-06 9.1 CVE-2022-41902
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. 2022-12-06 9.1 CVE-2022-41910
MISC
CONFIRM
MISC
gpac — gpac GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. 2022-12-06 7.8 CVE-2022-45283
MISC
hasura — graphql_engine Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.) 2022-12-08 8.8 CVE-2022-46792
MISC
MISC
MISC
haxx — curl When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. 2022-12-05 9.8 CVE-2022-32221
MISC
hope-boot_project — hope-boot hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). 2022-12-07 9.8 CVE-2022-44371
MISC
hornerautomation — rcc972_firmware Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. 2022-12-02 9.8 CVE-2022-2641
MISC
hornerautomation — rcc972_firmware The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). 2022-12-02 7.5 CVE-2022-2640
MISC
hornerautomation — rcc972_firmware Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device. 2022-12-02 7.5 CVE-2022-2642
MISC
house_rental_system_project — house_rental_system A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4274
N/A
N/A
house_rental_system_project — house_rental_system A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. 2022-12-03 9.8 CVE-2022-4275
N/A
N/A
house_rental_system_project — house_rental_system A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. 2022-12-03 9.8 CVE-2022-4276
N/A
N/A
human_resource_management_system_project — human_resource_management_system A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4273
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. 2022-12-03 7.2 CVE-2022-4278
N/A
N/A
ibm — content_navigator IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. 2022-12-07 8.8 CVE-2022-43581
MISC
MISC
ibm — spectrum_scale_container_native_storage_access IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. 2022-12-06 7.8 CVE-2022-43867
MISC
MISC
ibm — sterling_secure_proxy IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. 2022-12-06 7.5 CVE-2022-34361
MISC
MISC
ilias — ilias ILIAS before 7.16 allows OS Command Injection. 2022-12-07 8.8 CVE-2022-45915
MISC
FULLDISC
MISC
inksplat — comic_book_management_system The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 2022-12-05 7.2 CVE-2022-3856
MISC
MISC
ivanti — endpoint_manager A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. 2022-12-05 9.8 CVE-2022-27773
MISC
ivanti — endpoint_manager XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. 2022-12-05 7.8 CVE-2022-35259
MISC
joinmastodon — mastodon Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. 2022-12-04 7.5 CVE-2022-46405
MISC
MISC
jrecms — springbootcms A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability. 2022-12-05 7.2 CVE-2022-4282
MISC
MISC
kodcloud — kodexplorer Kodexplorer is a Chinese-language web-based file manager and browser-based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. 2022-12-06 7.5 CVE-2022-46154
MISC
MISC
kujirahand — nadesiko3 OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. 2022-12-05 9.8 CVE-2022-41642
MISC
MISC
MISC
lazy_mouse_project — lazy_mouse Lazy Mouse server enforces weak password requirements and doesn’t implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-02 9.8 CVE-2022-45482
MISC
lzmouse — lazy_mouse The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45481
MISC
maku — maku-boot A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. 2022-12-07 7.2 CVE-2022-4322
N/A
N/A
N/A
markdown_preview_enhanced_project — markdown_preview_enhanced Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. 2022-12-07 9.8 CVE-2022-45025
MISC
markdown_preview_enhanced_project — markdown_preview_enhanced An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. 2022-12-07 9.8 CVE-2022-45026
MISC
mikrotik — routeros Mikrotik RouterOS before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. 2022-12-05 9.8 CVE-2022-45313
MISC
mikrotik — routeros Mikrotik RouterOS before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. 2022-12-05 9.8 CVE-2022-45315
MISC
mobatek — mobaxterm When aborting an SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt, which can result in a Denial of Service (DoS) for the user if services like fail2ban are used. 2022-12-06 9.1 CVE-2022-38337
MISC
MISC
mobatek — mobaxterm An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. 2022-12-06 8.1 CVE-2022-38336
MISC
moxa — uc-8580-t-lx_firmware Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. 2022-12-02 7.6 CVE-2022-3086
MISC
nadesiko3_project — nadesiko3 OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. 2022-12-05 9.8 CVE-2022-42496
MISC
MISC
MISC
nadesiko3_project — nadesiko3 Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. 2022-12-05 7.5 CVE-2022-41777
MISC
MISC
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23468
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23477
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out of Bound Write in the xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23478
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23479
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23480
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Integer Overflow in the xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23484
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out of Bound Read in the xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23481
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out of Bound Read in the xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23482
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out of Bound Read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23483
MISC
neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an Out of Bound Read in the xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23493
MISC
nodebb — nodebb NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit. 2022-12-05 9.8 CVE-2022-46164
MISC
MISC
nodejs — node.js The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. 2022-12-05 9.8 CVE-2022-35256
MISC
nodejs — node.js A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value; it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned by EntropySource() may not be cryptographically strong and therefore not suitable as keying material. 2022-12-05 9.1 CVE-2022-35255
MISC
nodejs — node.js An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. 2022-12-05 8.1 CVE-2022-43548
MISC
nokogiri — nokogiri Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. 2022-12-08 7.5 CVE-2022-23476
MISC
MISC
MISC
nttdata — terasoluna_server_framework_for_java_(rich) TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. When the application processes a specially crafted file, arbitrary code may be executed with the privileges of the application. 2022-12-05 7.8 CVE-2022-43484
MISC
MISC
MISC
offis — dcmtk DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. 2022-12-02 7.5 CVE-2022-43272
MISC
MISC
omron — cx-programmer Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43508
MISC
MISC
omron — cx-programmer Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43509
MISC
MISC
omron — cx-programmer Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43667
MISC
MISC
online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-12-07 7.2 CVE-2022-45009
MISC
paddlepaddle — paddlepaddle Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. 2022-12-07 9.8 CVE-2022-46742
MISC
paddlepaddle — paddlepaddle Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. 2022-12-07 9.1 CVE-2022-46741
MISC
passeo_project — passeo Passeo is an open source Python password generator. Versions prior to 1.0.5 rely on the Python `random` library for random value selection. The Python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result, a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-12-06 7.5 CVE-2022-23472
MISC
MISC
MISC
pdfmake_project — pdfmake pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input. 2022-12-06 9.8 CVE-2022-46161
MISC
MISC
postmagthemes — postmagthemes_demo_import The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE. 2022-12-05 7.2 CVE-2022-1540
MISC
premio — chaty The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. 2022-12-05 7.2 CVE-2022-3858
MISC
proofpoint — enterprise_protection The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. 2022-12-06 9.6 CVE-2022-46332
MISC
proofpoint — enterprise_protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. 2022-12-06 7.2 CVE-2022-46333
MISC
protocol — libp2p libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/. 2022-12-07 7.5 CVE-2022-23486
MISC
protocol — libp2p js-libp2p is the official JavaScript implementation of the libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability. 2022-12-07 7.5 CVE-2022-23487
MISC
protocol — libp2p go-libp2p is the official libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (DoS) mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks. 2022-12-08 7.5 CVE-2022-23492
MISC
MISC
MISC
proxmox — proxmox_mail_gateway Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3. 2022-12-04 9.8 CVE-2022-35508
MISC
MISC
MISC
MISC
proxmox — proxmox_mail_gateway A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim’s browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3. 2022-12-04 7.1 CVE-2022-35507
MISC
MISC
pulsesecure — pulse_connect_secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. 2022-12-05 7.5 CVE-2022-35254
MISC
pulsesecure — pulse_connect_secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. 2022-12-05 7.5 CVE-2022-35258
MISC
pwndoc_project — pwndoc An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. 2022-12-05 8.8 CVE-2022-45771
MISC
MISC
py7zr_project — py7zr A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. 2022-12-06 9.1 CVE-2022-44900
MISC
MISC
MISC
quarkus — quarkus Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request. 2022-12-06 9.8 CVE-2022-4147
MISC
rack_project — rack A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack. 2022-12-05 10 CVE-2022-30123
MISC
rack_project — rack A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. 2022-12-05 7.5 CVE-2022-30122
MISC
rackn — digital_rebar RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. 2022-12-06 9.8 CVE-2022-46383
MISC
MISC
rackn — digital_rebar RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. 2022-12-06 8.8 CVE-2022-46382
MISC
redmine — redmine Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user. 2022-12-06 7.5 CVE-2022-44030
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. 2022-12-02 9.8 CVE-2022-44945
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2022-12-05 8.8 CVE-2022-45020
MISC
samsung — exynos_firmware Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. 2022-12-08 7.5 CVE-2022-39902
MISC
sangoma — asterisk In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. 2022-12-05 7.5 CVE-2022-37325
MISC
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. 2022-12-07 7.2 CVE-2022-44393
MISC
seagate — stcg2000300_firmware The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the “start” state and sending a check_device_name request. 2022-12-06 9.8 CVE-2020-6627
MISC
MISC
MISC
secomea — gatemanager Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. 2022-12-06 7.2 CVE-2022-38123
MISC
simple-git_project — simple-git The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via the clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). 2022-12-06 9.8 CVE-2022-25912
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
simple_phone_book/directory_web_app_project — simple_phone_book/directory_web_app Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. 2022-12-07 9.8 CVE-2022-45010
MISC
skycaiji — skycaiji Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. 2022-12-07 9.8 CVE-2022-44351
MISC
slims — senayan_library_management_system SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. 2022-12-05 7.5 CVE-2022-45019
MISC
stackstorm — stackstorm Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn’t check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information. 2022-12-06 7.5 CVE-2022-44009
MISC
swiftterm_project — swiftterm SwiftTerm is an Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available. 2022-12-02 7.8 CVE-2022-23465
MISC
MISC
syncee — syncee_-_global_dropshipping The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator’s account. 2022-12-05 7.5 CVE-2022-3694
MISC
telepad-app — telepad Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45477
MISC
telos — omnia_mpx_node_firmware Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with a low-privilege backdoor account. This can lead to changing hardware settings and executing arbitrary commands in vulnerable system functions that require high privilege to access. 2022-12-02 8.8 CVE-2022-45562
MISC
telosalliance — omnia_mpx_node_firmware An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* – 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. 2022-12-02 9.8 CVE-2022-43325
MISC
tenda — a18_firmware Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. 2022-12-08 7.5 CVE-2022-44931
MISC
tenda — a18_firmware An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. 2022-12-08 7.5 CVE-2022-44932
MISC
tenda — ac6_firmware Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. 2022-12-02 7.5 CVE-2022-45641
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. 2022-12-02 9.8 CVE-2022-44362
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. 2022-12-02 9.8 CVE-2022-44363
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. 2022-12-02 9.8 CVE-2022-44365
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. 2022-12-02 9.8 CVE-2022-44366
MISC
tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. 2022-12-02 9.8 CVE-2022-44367
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. 2022-12-02 7.5 CVE-2022-45663
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. 2022-12-02 7.5 CVE-2022-45664
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. 2022-12-02 7.5 CVE-2022-45669
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. 2022-12-02 7.5 CVE-2022-45670
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. 2022-12-02 7.5 CVE-2022-45671
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. 2022-12-02 7.5 CVE-2022-45672
MISC
tenda — w30e_firmware Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. 2022-12-08 9.8 CVE-2022-45506
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. 2022-12-08 7.5 CVE-2022-45505
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. 2022-12-08 7.5 CVE-2022-45507
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. 2022-12-08 7.5 CVE-2022-45508
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. 2022-12-08 7.5 CVE-2022-45509
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. 2022-12-08 7.5 CVE-2022-45510
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. 2022-12-08 7.5 CVE-2022-45511
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. 2022-12-08 7.5 CVE-2022-45512
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. 2022-12-08 7.5 CVE-2022-45513
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. 2022-12-08 7.5 CVE-2022-45514
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. 2022-12-08 7.5 CVE-2022-45515
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. 2022-12-08 7.5 CVE-2022-45516
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. 2022-12-08 7.5 CVE-2022-45517
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. 2022-12-08 7.5 CVE-2022-45518
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. 2022-12-08 7.5 CVE-2022-45519
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. 2022-12-08 7.5 CVE-2022-45520
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. 2022-12-08 7.5 CVE-2022-45521
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. 2022-12-08 7.5 CVE-2022-45522
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. 2022-12-08 7.5 CVE-2022-45523
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. 2022-12-08 7.5 CVE-2022-45524
MISC
tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. 2022-12-08 7.5 CVE-2022-45525
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. 2022-12-08 9.8 CVE-2022-45497
MISC
tenda — w6-s_firmware An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. 2022-12-08 7.5 CVE-2022-45498
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. 2022-12-08 7.5 CVE-2022-45499
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. 2022-12-08 7.5 CVE-2022-45501
MISC
tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. 2022-12-08 7.5 CVE-2022-45503
MISC
tenda — w6-s_firmware An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. 2022-12-08 7.5 CVE-2022-45504
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. 2022-12-02 7.5 CVE-2022-45643
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45644
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. 2022-12-02 7.5 CVE-2022-45645
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45646
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45647
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. 2022-12-02 7.5 CVE-2022-45648
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. 2022-12-02 7.5 CVE-2022-45649
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. 2022-12-02 7.5 CVE-2022-45650
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. 2022-12-02 7.5 CVE-2022-45651
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. 2022-12-02 7.5 CVE-2022-45652
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. 2022-12-02 7.5 CVE-2022-45653
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. 2022-12-02 7.5 CVE-2022-45654
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. 2022-12-02 7.5 CVE-2022-45655
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. 2022-12-02 7.5 CVE-2022-45656
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. 2022-12-02 7.5 CVE-2022-45657
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. 2022-12-02 7.5 CVE-2022-45658
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. 2022-12-02 7.5 CVE-2022-45659
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. 2022-12-02 7.5 CVE-2022-45660
MISC
tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. 2022-12-02 7.5 CVE-2022-45661
MISC
thinkphp — thinkphp Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. 2022-12-06 8.8 CVE-2022-44289
MISC
tibco — nimbus The Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: version 10.5.0. 2022-12-06 9.3 CVE-2022-41559
CONFIRM
ui — edgemax_edgerouter_firmware A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later. 2022-12-05 8.8 CVE-2022-43553
MISC
unimo — udr-ja1604_firmware Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71×10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-43464
MISC
MISC
unimo — udr-ja1604_firmware OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71×10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-44606
MISC
MISC
unimo — udr-ja1604_firmware Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71×10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-44620
MISC
MISC
veeam — veeam_backup_for_google_cloud Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. 2022-12-05 9.8 CVE-2022-43549
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. 2022-12-04 9.8 CVE-2022-46414
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. 2022-12-04 8.8 CVE-2022-46410
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. 2022-12-04 8.8 CVE-2022-46411
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands. 2022-12-04 8.8 CVE-2022-46412
MISC
veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. 2022-12-04 8.8 CVE-2022-46413
MISC
videolan — vlc_media_player An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. 2022-12-06 7.8 CVE-2022-41325
MISC
MISC
MISC
DEBIAN
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. 2022-12-03 9.8 CVE-2022-3491
CONFIRM
MISC
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. 2022-12-02 9.8 CVE-2022-3520
MISC
CONFIRM
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0789. 2022-12-02 7.8 CVE-2022-3591
MISC
CONFIRM
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0882. 2022-12-05 7.8 CVE-2022-4292
CONFIRM
MISC
warehouse_management_system_project — warehouse_management_system A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. 2022-12-03 9.8 CVE-2022-4272
MISC
MISC
webtareas_project — webtareas webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. 2022-12-02 9.8 CVE-2022-44290
MISC
MISC
webtareas_project — webtareas webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. 2022-12-02 9.8 CVE-2022-44291
MISC
MISC
wordpress_popular_posts_project — wordpress_popular_posts External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. 2022-12-07 7.5 CVE-2022-43468
MISC
MISC
MISC
wp-ecommerce — easy_wp_smtp Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. 2022-12-06 8.8 CVE-2022-42699
MISC
wp-ecommerce — easy_wp_smtp Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. 2022-12-06 8.1 CVE-2022-45829
MISC
wp_csv_exporter_project — wp_csv_exporter The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks. 2022-12-05 7.2 CVE-2022-3249
MISC
xjd2020 — fastcms A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. 2022-12-06 8.8 CVE-2022-4300
N/A
N/A
MISC
yithemes — yith_woocommerce_gift_cards Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. 2022-12-06 9.8 CVE-2022-45359
MISC
zabbix — frontend Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range. 2022-12-05 9.8 CVE-2022-43515
MISC
zabbix — zabbix A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI). 2022-12-05 9.8 CVE-2022-43516
MISC
zimbra — collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution. 2022-12-05 7.2 CVE-2022-45912
MISC
zkteco — zktime A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. 2022-12-06 7.5 CVE-2021-39434
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
2kblater — 2kb_amazon_affiliates_store Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. 2022-12-04 6.1 CVE-2022-40968
MISC
add_comments_project — add_comments The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3909
MISC
addonspress — advanced_import The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks. 2022-12-05 6.5 CVE-2022-3677
MISC
advanced_wp_columns_project — advanced_wp_columns The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3426
MISC
apache — commons_net Prior to Apache Commons Net 3.9.0, Net’s FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. 2022-12-03 6.5 CVE-2021-37533
CONFIRM
MLIST
auto/taxi_stand_management_system_project — auto/taxi_stand_management_system AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php. 2022-12-06 6.1 CVE-2022-43369
MISC
MISC
awstats — awstats AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. 2022-12-04 6.1 CVE-2022-46391
MISC
MLIST
bd — bodyguard_999-603_firmware The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. 2022-12-05 5.3 CVE-2022-43557
MISC
beappsmobile — pc_keyboard_wifi_&_bluetooth PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2022-12-02 5.9 CVE-2022-45480
MISC
beetl-bbs_project — beetl-bbs A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107. 2022-12-08 5.4 CVE-2022-4347
N/A
N/A
book_store_management_system_project — book_store_management_system A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. 2022-12-02 5.4 CVE-2022-45215
MISC
MISC
book_store_management_system_project — book_store_management_system A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. 2022-12-07 5.4 CVE-2022-45217
MISC
MISC
clicshopping — clicshopping_v3 A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. 2022-12-05 6.1 CVE-2022-45769
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3. 2022-12-05 6.1 CVE-2022-43556
MISC
MISC
MISC
contest-gallery — contest_gallery Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. 2022-12-06 6.1 CVE-2022-45848
MISC
crowdstrike — falcon CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.) 2022-12-04 4.9 CVE-2022-44721
MISC
dev4press — gd_bbpress_attachments Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress. 2022-12-06 5.4 CVE-2022-45816
MISC
discourse — discourse Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. 2022-12-02 4.3 CVE-2022-46159
MISC
MISC
duxcms_project — duxcms A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115. 2022-12-08 5.4 CVE-2020-36609
MISC
MISC
ecommerce-website_project — ecommerce-website A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. 2022-12-05 6.1 CVE-2022-45990
MISC
elbtide — advanced_booking_calendar Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. 2022-12-05 6.5 CVE-2022-45824
MISC
enhancesoft — osticket Cross-site Scripting (XSS) – Reflected in GitHub repository osticket/osticket prior to 1.16.4. 2022-12-02 5.4 CVE-2022-4271
CONFIRM
MISC
fortinet — fortiadc Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. 2022-12-06 6.5 CVE-2022-33876
MISC
fortinet — fortios An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiOS 6.0.7 – 6.0.15, 6.2.2 – 6.2.12, 6.4.0 – 6.4.9 and 7.0.0 – 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages. 2022-12-06 5.4 CVE-2022-40680
MISC
fortinet — fortisoar Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. 2022-12-06 5.4 CVE-2022-38379
MISC
fsi — fs040u_firmware Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console. 2022-12-05 4.6 CVE-2022-43442
MISC
MISC
MISC
MISC
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207. 2022-12-05 6.7 CVE-2022-32594
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213. 2022-12-05 6.7 CVE-2022-32596
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. 2022-12-05 6.7 CVE-2022-32597
MISC
google — android In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. 2022-12-05 6.7 CVE-2022-32598
MISC
google — android In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659. 2022-12-05 6.7 CVE-2022-32619
MISC
google — android In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753. 2022-12-05 6.7 CVE-2022-32620
MISC
google — android In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786. 2022-12-05 6.7 CVE-2022-32622
MISC
google — android In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923. 2022-12-05 6.7 CVE-2022-32624
MISC
google — android In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. 2022-12-05 6.7 CVE-2022-32625
MISC
google — android In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239. 2022-12-05 6.7 CVE-2022-32626
MISC
google — android In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780. 2022-12-05 6.7 CVE-2022-32628
MISC
google — android In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774. 2022-12-05 6.7 CVE-2022-32629
MISC
google — android In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966. 2022-12-05 6.7 CVE-2022-32630
MISC
google — android In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613. 2022-12-05 6.7 CVE-2022-32631
MISC
google — android In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID: ALPS07441630. 2022-12-05 6.7 CVE-2022-32632
MISC
google — android In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07441637. 2022-12-05 6.7 CVE-2022-32633
MISC
google — android In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID: ALPS07138646. 2022-12-05 6.7 CVE-2022-32634
MISC
google — android In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829. 2022-12-05 6.4 CVE-2022-32621
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39106
MISC
google — android In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39129
MISC
google — android In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39130
MISC
google — android In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39131
MISC
google — android In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-39132
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-39133
MISC
google — android Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. 2022-12-08 5.5 CVE-2022-39897
MISC
google — android Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent. 2022-12-08 5.5 CVE-2022-39905
MISC
google — android In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-42754
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42755
MISC
google — android In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-42756
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42759
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42760
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42761
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42762
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42763
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42764
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42765
MISC
google — android In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. 2022-12-06 5.5 CVE-2022-42766
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42772
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42773
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42774
MISC
google — android In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. 2022-12-06 5.5 CVE-2022-42775
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42779
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42780
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 5.5 CVE-2022-42781
MISC
google — android In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. 2022-12-06 5.5 CVE-2022-42782
MISC
google — android In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. 2022-12-06 4.7 CVE-2022-39134
MISC
google — android In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. 2022-12-06 4.7 CVE-2022-42770
MISC
google — android In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. 2022-12-06 4.7 CVE-2022-42771
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 4.3 CVE-2022-42768
MISC
haxx — curl curl can be told to parse a `.netrc` file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. 2022-12-05 6.5 CVE-2022-35260
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776. 2022-12-03 6.1 CVE-2022-4279
N/A
N/A
ibm — business_automation_workflow IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. 2022-12-07 6.1 CVE-2022-41735
MISC
MISC
ilias — ilias ILIAS before 7.16 allows External Control of File Name or Path. 2022-12-07 6.5 CVE-2022-45918
MISC
FULLDISC
MISC
ilias — ilias ILIAS before 7.16 has an Open Redirect. 2022-12-07 6.1 CVE-2022-45917
MISC
FULLDISC
MISC
ilias — ilias ILIAS before 7.16 allows XSS. 2022-12-07 5.4 CVE-2022-45916
MISC
FULLDISC
MISC
ivanti — endpoint_manager ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. 2022-12-05 6.5 CVE-2022-23143
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘datef’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4208
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pointsf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4209
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dnf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4210
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘emailf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4211
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ipf’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4212
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4213
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ip’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4214
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘date’ parameter on the ‘chainedquiz_list’ page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2022-12-02 6.1 CVE-2022-4215
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘facebook_appid’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2022-12-02 4.8 CVE-2022-4216
MISC
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2022-12-02 4.8 CVE-2022-4217
MISC
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-12-02 4.3 CVE-2022-4218
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-12-02 4.3 CVE-2022-4219
MISC
MISC
MISC
kibokolabs — chained_quiz The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-12-02 4.3 CVE-2022-4220
MISC
MISC
MISC
MISC
kwoksys — information_server An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. 2022-12-06 4.9 CVE-2022-45326
MISC
MISC
kyocera — taskalfa_7550ci_firmware Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. 2022-12-05 6.5 CVE-2022-41798
MISC
MISC
MISC
kyocera — taskalfa_7550ci_firmware Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. 2022-12-05 6.5 CVE-2022-41807
MISC
MISC
MISC
kyocera — taskalfa_7550ci_firmware Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. 2022-12-05 4.8 CVE-2022-41830
MISC
MISC
MISC
lazy_mouse_project — lazy_mouse Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2022-12-02 5.9 CVE-2022-45483
MISC
linux — linux_kernel A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action “mirred”) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. 2022-12-05 5.5 CVE-2022-4269
MISC
mingsoft — mcms A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112. 2022-12-08 6.1 CVE-2022-4350
MISC
MISC
oceanwp — sticky_header Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress. 2022-12-04 6.5 CVE-2022-35730
MISC
online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module. 2022-12-07 4.8 CVE-2022-45008
MISC
openrazer_project — openrazer OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices. 2022-12-05 4.6 CVE-2022-23467
MISC
MISC
pinterest — querybook Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy. 2022-12-06 6.1 CVE-2022-46151
MISC
MISC
pwn_project — pwn A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. 2022-12-08 6.8 CVE-2022-4349
N/A
N/A
rapidscada — rapid_scada Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). 2022-12-07 6.1 CVE-2022-44153
MISC
ricoh — aficio_sp_4210n_firmware Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-07 4.8 CVE-2022-37406
MISC
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. 2022-12-02 5.4 CVE-2022-44944
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. 2022-12-02 5.4 CVE-2022-44946
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44947
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44948
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. 2022-12-02 5.4 CVE-2022-44949
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44950
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44951
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44952
MISC
MISC
ruoyi — ruoyi-cloud A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108. 2022-12-08 6.1 CVE-2022-4348
N/A
N/A
salonbookingsystem — salon_booking_system Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. 2022-12-05 6.1 CVE-2022-43487
MISC
MISC
MISC
sangoma — asterisk An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. 2022-12-05 4.9 CVE-2022-42706
MISC
sangoma — certified_asterisk A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. 2022-12-05 6.5 CVE-2022-42705
MISC
ss-proj — shirasagi Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. 2022-12-05 6.1 CVE-2022-43479
MISC
MISC
MISC
MISC
ss-proj — shirasagi Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-05 5.4 CVE-2022-43499
MISC
MISC
MISC
MISC
stackstorm — stackstorm Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users. 2022-12-05 5.4 CVE-2022-43706
MISC
telegram — telegram ** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding. 2022-12-06 6.1 CVE-2022-43363
MISC
MISC
telepad-app — telepad Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2022-12-05 5.9 CVE-2022-45478
MISC
teler_project — teler teler is a real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed in version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-12-06 5.4 CVE-2022-23466
MISC
MISC
tenda — ac6_firmware Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. 2022-12-02 6.5 CVE-2022-45673
MISC
tenda — ac6_firmware Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-12-02 6.5 CVE-2022-45674
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. 2022-12-02 6.5 CVE-2022-45667
MISC
tenda — i22_firmware Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-12-02 6.5 CVE-2022-45668
MISC
themeum — wp_page_builder The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3830
MISC
tibco — nimbus The Statement Set Upload via the Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: version 10.5.0. 2022-12-06 6.5 CVE-2022-41560
CONFIRM
tomexam — tomexam Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. 2022-12-05 5.4 CVE-2021-34181
MISC
tp-link — re3000_firmware tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product’s OneMesh function. 2022-12-07 5.5 CVE-2022-41783
MISC
MISC
tp-link — tl-wr740n_firmware A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812. 2022-12-06 5.5 CVE-2022-4296
MISC
MISC
user_registration_\&_user_management_system_project — user_registration_\&_user_management_system Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. 2022-12-05 5.4 CVE-2022-43097
MISC
vim — vim Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. 2022-12-05 5.5 CVE-2022-4293
CONFIRM
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44953
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking “Add”. 2022-12-02 5.4 CVE-2022-44954
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. 2022-12-02 5.4 CVE-2022-44955
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44956
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44957
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44959
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. 2022-12-02 5.4 CVE-2022-44960
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2022-12-02 5.4 CVE-2022-44961
MISC
MISC
webtareas_project — webtareas webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. 2022-12-02 5.4 CVE-2022-44962
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. 2022-12-05 6.1 CVE-2022-43497
MISC
MISC
MISC
wordpress — wordpress Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. 2022-12-05 6.1 CVE-2022-43500
MISC
MISC
MISC
wordpress — wordpress Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. 2022-12-05 5.3 CVE-2022-43504
MISC
MISC
MISC
wp-ecommerce — easy_wp_smtp Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. 2022-12-06 6.5 CVE-2022-45833
MISC
wp-oauth — wp_oauth_server The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client given they know the client ID. 2022-12-05 6.5 CVE-2022-3926
MISC
wp-oauth — wp_oauth_server The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3892
MISC
wpmanage — uji_countdown The Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3837
MISC
wpupper_share_buttons_project — wpupper_share_buttons The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2022-12-05 4.8 CVE-2022-3838
MISC
xylusthemes — wp_smart_import Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. 2022-12-06 6.1 CVE-2022-40209
MISC
zyxel — atp800_firmware A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser. 2022-12-06 6.1 CVE-2022-40603
CONFIRM
zzcms — zzcms An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. 2022-12-07 5.4 CVE-2022-44361
MISC

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
google — android Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. 2022-12-08 3.3 CVE-2022-39894
MISC
google — android Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent. 2022-12-08 3.3 CVE-2022-39895
MISC
google — android Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. 2022-12-08 3.3 CVE-2022-39896
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42757
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42758
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42767
MISC
google — android In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. 2022-12-06 3.3 CVE-2022-42769
MISC
hitachi — jp1\/automatic_operation Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01. 2022-12-06 3.3 CVE-2022-34881
MISC
m-files — m-files_server Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. 2022-12-02 2.6 CVE-2022-4270
MISC

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
akeneo_pim — akeneo_pim Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the aforementioned versions provides a patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may replace any reference to `<FilesMatch \.php$>` in their Apache httpd configurations with: `<Location "/index.php">`. 2022-12-09 not yet calculated CVE-2022-46157
MISC
MISC
apache — manifoldcf Improper neutralization of special elements used in an LDAP query (‘LDAP Injection’) vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. 2022-12-07 not yet calculated CVE-2022-45910
MISC
aruba — airwave_management_platform Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. 2022-12-08 not yet calculated CVE-2022-37916
MISC
aruba — airwave_management_platform Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. 2022-12-08 not yet calculated CVE-2022-37917
MISC
aruba — airwave_management_platform Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. 2022-12-08 not yet calculated CVE-2022-37918
MISC
automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. 2022-12-09 not yet calculated CVE-2022-44838
MISC
baota — baota In BAOTA linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature. 2022-12-09 not yet calculated CVE-2022-4336
MISC
basercms — basercms Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-07 not yet calculated CVE-2022-41994
MISC
MISC
basercms — basercms Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. 2022-12-07 not yet calculated CVE-2022-42486
MISC
MISC
broadcom — brocade_fabric_os A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. 2022-12-08 not yet calculated CVE-2022-33186
MISC
broadcom — brocade_sannav Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. 2022-12-09 not yet calculated CVE-2022-33187
MISC
broadcom — symantec_messaging_gateway An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column) 2022-12-09 not yet calculated CVE-2022-25629
MISC
broadcom — symantec_messaging_gateway An authenticated user can embed malicious content with XSS into the admin group policy page. 2022-12-09 not yet calculated CVE-2022-25630
MISC
buffalo_inc — multiple_products Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier. 2022-12-07 not yet calculated CVE-2022-39044
MISC
MISC
buffalo_inc — multiple_products Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier. 2022-12-07 not yet calculated CVE-2022-40966
MISC
MISC
buffalo_inc — multiple_products Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier. 2022-12-07 not yet calculated CVE-2022-34840
MISC
MISC
buildah — buildah A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. 2022-12-08 not yet calculated CVE-2022-4122
MISC
MISC
buildah — buildah A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. 2022-12-08 not yet calculated CVE-2022-4123
MISC
canon_medical_informatics — vitrea_vision Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter. 2022-12-09 not yet calculated CVE-2022-38765
MISC
certifi — certifi Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from “TrustCor” from the root store. These are in the process of being removed from Mozilla’s trust store. TrustCor’s root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor’s ownership also operated a business that produced spyware. Conclusions of Mozilla’s investigation can be found in the linked google group discussion. 2022-12-07 not yet calculated CVE-2022-23491
MISC
MISC
chicken — chicken egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. 2022-12-10 not yet calculated CVE-2022-45145
MISC
MISC
MISC
codecentric — spring-boot-admin Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint. 2022-12-09 not yet calculated CVE-2022-46166
MISC
MISC
containerd — containerd containerd is an open source container runtime. A bug was found in containerd’s CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user’s process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd’s CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. 2022-12-07 not yet calculated CVE-2022-23471
MISC
MISC
csliuwy — coder-chain_gdut A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095. 2022-12-07 not yet calculated CVE-2022-4341
N/A
N/A

cube-js — cube-js cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability. 2022-12-09 not yet calculated CVE-2022-23510
MISC
MISC
MISC

daloradius — daloradius daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue in two parts: 1) The CSRF vulnerability can be mitigated by setting the daloRadius session cookie to samesite=Lax or by the implementation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy. 2022-12-06 not yet calculated CVE-2022-23475
MISC
MISC
dhis2 — dhis2-core DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated user to open the malicious file in a browser which would trigger the javascript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. Users unable to upgrade may add the following simple CSP rule in your web proxy to the vulnerable endpoints: `script-src 'none'`. This workaround will prevent all javascript from running on those endpoints. 2022-12-08 not yet calculated CVE-2022-41947
MISC
MISC
dhis2 — dhis2-core DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied. 2022-12-08 not yet calculated CVE-2022-41948
MISC
dhis2 — dhis2-core DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability. 2022-12-08 not yet calculated CVE-2022-41949
MISC
MISC
f5 — big-ip In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-12-07 not yet calculated CVE-2022-41800
MISC
freshrss — freshrss FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (bcrypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`. 2022-12-09 not yet calculated CVE-2022-23497
MISC
MISC
MISC
funkwhale — funkwhale User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. 2022-12-09 not yet calculated CVE-2022-45292
MISC
go-merkledag — go-merkledag go-merkledag implements the ‘DAGService’ interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don’t allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Due to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error. This issue has been addressed across a number of pull requests. Users are advised to upgrade to version 0.8.1 for a complete set of fixes. Users unable to upgrade may attempt to mitigate this issue by sanitising inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode` and by sanitising `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input. 2022-12-08 not yet calculated CVE-2022-23495
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
go-standard_library — os/net/http On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error. 2022-12-07 not yet calculated CVE-2022-41720
MISC
MISC
MISC
MISC
go-standard_library/golang — multiple_products An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. 2022-12-08 not yet calculated CVE-2022-41717
MISC
MISC
MISC
MISC
MISC
ibm — cloud_transformation_advisor IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. 2022-12-09 not yet calculated CVE-2022-41299
MISC
MISC
interspire — email_marketer Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists. 2022-12-09 not yet calculated CVE-2022-44790
MISC
jetbrains — gateway In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. 2022-12-08 not yet calculated CVE-2022-46829
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. 2022-12-08 not yet calculated CVE-2022-46824
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. 2022-12-08 not yet calculated CVE-2022-46825
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. 2022-12-08 not yet calculated CVE-2022-46826
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. 2022-12-08 not yet calculated CVE-2022-46827
MISC
jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. 2022-12-08 not yet calculated CVE-2022-46828
MISC
jetbrains — teamcity In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. 2022-12-08 not yet calculated CVE-2022-46830
MISC
jetbrains — teamcity In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the “Default Credential Provider Chain” allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. 2022-12-08 not yet calculated CVE-2022-46831
MISC
kbase_doc — kbase_doc Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. 2022-12-09 not yet calculated CVE-2022-45290
MISC
labstack — labstack Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. 2022-12-07 not yet calculated CVE-2020-36565
MISC
MISC
MISC
linux — linux Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). 2022-12-07 not yet calculated CVE-2022-42328
MISC
MLIST
MLIST
MLIST
linux — linux Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). 2022-12-07 not yet calculated CVE-2022-42329
MISC
MLIST
MLIST
MLIST
lirantal — daloradius Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch. 2022-12-08 not yet calculated CVE-2022-4366
CONFIRM
MISC
m-files — web Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. 2022-12-09 not yet calculated CVE-2022-4264
MISC
metinfo — metinfo A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. 2022-12-07 not yet calculated CVE-2022-44849
MISC
micro_focus — operations_bridge_containerized A potential vulnerability has been identified in Micro Focus Operations Bridge – Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run JavaScript in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run JavaScript in the browser context of another OBM user. This issue affects: Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Operations Bridge – Containerized versions prior to 2022.11. 2022-12-08 not yet calculated CVE-2022-38754
MISC
MISC
MISC
mingsoft — mcms A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. 2022-12-09 not yet calculated CVE-2022-4375
MISC
MISC
morontt — zend-blog-number-2 A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. 2022-12-10 not yet calculated CVE-2022-4397
N/A
N/A
netgear — nighthawk_rax30 A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. 2022-12-09 not yet calculated CVE-2022-4390
MISC
MISC
nortonlifelock — avast_antivirus The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. 2022-12-08 not yet calculated CVE-2022-4291
MISC
openharmony — openharmony Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are copied to user space incorrectly and leaked. 2022-12-08 not yet calculated CVE-2022-41802
MISC
openharmony — openharmony The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. 2022-12-08 not yet calculated CVE-2022-44455
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. 2022-12-08 not yet calculated CVE-2022-45118
MISC
openharmony — openharmony OpenHarmony-v3.1.4 and prior versions had a vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. 2022-12-08 not yet calculated CVE-2022-45877
MISC
pb-cms — pb-cms A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability. 2022-12-08 not yet calculated CVE-2022-4354
MISC
MISC
pb-cms — pb-cms A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability. 2022-12-08 not yet calculated CVE-2022-4353
MISC
MISC
perl — perl The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user’s terminal and certain options are set. 2022-12-09 not yet calculated CVE-2022-4170
MISC
MISC
prestashop — prestashop PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue. 2022-12-08 not yet calculated CVE-2022-46158
MISC
MISC
qubes-mirage-firewall — qubes-mirage-firewall qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). 2022-12-07 not yet calculated CVE-2022-46770
MISC
radareorg — radareorg/radare2 Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. 2022-12-10 not yet calculated CVE-2022-4398
MISC
CONFIRM
rapid7 — nexpose_and_insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself. 2022-12-08 not yet calculated CVE-2022-4261
CONFIRM
CONFIRM
CONFIRM
red_hat — openshift Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. 2022-12-09 not yet calculated CVE-2022-3259
MISC
red_hat — openshift The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. 2022-12-08 not yet calculated CVE-2022-3260
MISC
red_hat — openshift A flaw was found in Openshift. A pod with a DNSPolicy of “ClusterFirst” may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability. 2022-12-08 not yet calculated CVE-2022-3262
MISC
reputeinfosystems — armember Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress. 2022-12-06 not yet calculated CVE-2022-42888
MISC
s-cms — s-cms A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. 2022-12-09 not yet calculated CVE-2022-4377
N/A
N/A
samsung — calendar Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. 2022-12-08 not yet calculated CVE-2022-39915
MISC
samsung — decoding_library Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. 2022-12-08 not yet calculated CVE-2022-39907
MISC
samsung — decoding_library TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. 2022-12-08 not yet calculated CVE-2022-39908
MISC
samsung — displaymanagerservice Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. 2022-12-08 not yet calculated CVE-2022-39914
MISC
samsung — exynos_baseband Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. 2022-12-08 not yet calculated CVE-2022-39901
MISC

samsung — gear_iconx_pc_manager Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link. 2022-12-08 not yet calculated CVE-2022-39909
MISC
samsung — iiccphonebook Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. 2022-12-08 not yet calculated CVE-2022-39898
MISC
samsung — nice_catch Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch. 2022-12-08 not yet calculated CVE-2022-39900
MISC
samsung — pass Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. 2022-12-08 not yet calculated CVE-2022-39910
MISC
samsung — pass Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. 2022-12-08 not yet calculated CVE-2022-39911
MISC
samsung — persona_manager Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. 2022-12-08 not yet calculated CVE-2022-39913
MISC
samsung — personamanagerservice Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. 2022-12-08 not yet calculated CVE-2022-39912
MISC
samsung — rcs_call Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. 2022-12-08 not yet calculated CVE-2022-39903
MISC
samsung — sectelephonyprovider Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information. 2022-12-08 not yet calculated CVE-2022-39906
MISC

samsung — settings Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log. 2022-12-08 not yet calculated CVE-2022-39904
MISC
samsung — windowmanagerservice Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. 2022-12-08 not yet calculated CVE-2022-39899
MISC
secomea — gatemanager A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7. 2022-12-09 not yet calculated CVE-2022-2752
MISC
secustation — multiple_products In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. 2022-12-08 not yet calculated CVE-2022-40939
MISC
MISC
seeddms — seeddms Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. 2022-12-08 not yet calculated CVE-2022-44938
MISC
sentry — sentry Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). 2022-12-10 not yet calculated CVE-2022-23485
MISC
shift_tech_inc — bingo!cms Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered. 2022-12-07 not yet calculated CVE-2022-42458
MISC
MISC
six_apart_ltd — movable_type Improper neutralization of Server-Side Includes (SSI) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of ‘Manage of Content Types’ to execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. 2022-12-07 not yet calculated CVE-2022-43660
MISC
MISC
six_apart_ltd — movable_type Improper validation of syntactic correctness of input vulnerability exists in Movable Type series. Having a user access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. 2022-12-07 not yet calculated CVE-2022-45113
MISC
MISC
six_apart_ltd — movable_type Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. 2022-12-07 not yet calculated CVE-2022-45122
MISC
MISC
teledyne flir — ax8 A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability. 2022-12-08 not yet calculated CVE-2022-4364
N/A
N/A
teleport — teleport Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 were discovered to contain an information leak via the /user/get-role-list web interface. 2022-12-08 not yet calculated CVE-2022-38599
MISC
MISC
ticklishhoneybee — nodau A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252. 2022-12-10 not yet calculated CVE-2022-4399
MISC
MISC
MISC
tinymce — tinymce tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert was presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure the `images_upload_handler` returns a valid value as per the images_upload_handler documentation. 2022-12-08 not yet calculated CVE-2022-23494
MISC
MISC
MISC
MISC
MISC
MISC
traefik — traefik Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a user's logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`. 2022-12-08 not yet calculated CVE-2022-23469
MISC
MISC
MISC
traefik — traefik Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix their TLS options. 2022-12-08 not yet calculated CVE-2022-46153
MISC
MISC
MISC
MISC
trendnet — wireless_ac_easy-upgrader_tew-820ap A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. 2022-12-07 not yet calculated CVE-2022-44373
MISC
typora — typora Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. 2022-12-07 not yet calculated CVE-2022-43668
MISC
MISC

western_digital — my_cloud Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. 2022-12-09 not yet calculated CVE-2022-29838
MISC

western_digital — my_cloud Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. 2022-12-09 not yet calculated CVE-2022-29839
MISC
wireshark — wireshark Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows. 2022-12-09 not yet calculated CVE-2022-3724
MISC
MISC
CONFIRM
xen_project — xen Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. 2022-12-07 not yet calculated CVE-2022-3643
MISC
MLIST
yauaa — yauaa Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library. 2022-12-08 not yet calculated CVE-2022-23496
MISC
MISC
yii — gii Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. 2022-12-09 not yet calculated CVE-2022-34297
MISC
zephyr — zephyr There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. 2022-12-09 not yet calculated CVE-2022-2993
MISC
zkteco — xiamen_information_technology_zkbio_eco_adms ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). 2022-12-09 not yet calculated CVE-2022-44213
MISC

This product is provided subject to this Notification and this Privacy & Use policy.
