US-CERT Bulletin (SB22-332): Vulnerability Summary for the Week of November 21, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary Vendor — Product
Description Published CVSS Score Source & Patch Info
2code — wpqa_builder The WPQA Builder WordPress plugin before 5.9 does not have a CSRF check when following and unfollowing users, which could allow attackers to make logged-in users perform such actions via CSRF attacks 2022-11-21 8.8 CVE-2022-3688
CONFIRM
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. 2022-11-22 7.5 CVE-2022-45330
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. 2022-11-22 7.5 CVE-2022-45331
MISC
MISC
apache — alarm_instance_management Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher 2022-11-23 9.8 CVE-2022-45462
CONFIRM
MLIST
apache — hama ** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. 2022-11-21 7.5 CVE-2022-45470
MISC
MLIST
apartment_visitors_management_system_project — apartment_visitors_management_system Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. 2022-11-23 9.8 CVE-2022-44139
MISC
api2cart — api2cart_bridge_connector Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 9.8 CVE-2022-42497
CONFIRM
CONFIRM
api2cart — api2cart_bridge_connector Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 9.8 CVE-2022-42698
CONFIRM
CONFIRM
arm — utgard_gpu_kernel_driver An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows a non-privileged user to make improper GPU processing operations to gain access to already freed memory. 2022-11-23 7.5 CVE-2022-34830
MISC
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_mechanic. 2022-11-18 7.2 CVE-2022-44378
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. 2022-11-18 7.2 CVE-2022-44379
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44413
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. 2022-11-18 7.2 CVE-2022-44414
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44415
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. 2022-11-18 7.2 CVE-2022-44820
MISC
awplife — event_monster The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users 2022-11-21 7.2 CVE-2022-3720
CONFIRM
beekeeperstudio — beekeeper-studio A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. 2022-11-21 9.6 CVE-2022-43143
MISC
billing_system_project — billing_system Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. 2022-11-22 9.8 CVE-2022-43214
MISC
MISC
billing_system_project — billing_system Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. 2022-11-22 9.8 CVE-2022-43215
MISC
MISC
booster — booster_for_woocommerce The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack 2022-11-21 8.1 CVE-2022-3763
CONFIRM
carel — boss_mini_firmware Carel Boss Mini 1.5.0 has Improper Access Control. 2022-11-18 9.9 CVE-2022-34827
MISC
MISC
ciphercoin — contact_form_7_database_addon The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection 2022-11-21 9.8 CVE-2022-3634
CONFIRM
clogica — seo_redirection Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. 2022-11-18 8.8 CVE-2022-40695
CONFIRM
CONFIRM
cncf — knative_func knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. 2022-11-19 7.4 CVE-2022-41939
MISC
MISC
MISC
CONFIRM
codepeople — appointment_booking_calendar Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. 2022-11-18 8.8 CVE-2022-43482
CONFIRM
collne — welcart_e-commerce Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. 2022-11-18 9.8 CVE-2022-41840
CONFIRM
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40686
CONFIRM
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40687
CONFIRM
constantcontact — creative_mail Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-44740
CONFIRM
CONFIRM
dlink — dir-3060_firmware D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. 2022-11-18 9.8 CVE-2022-44204
MISC
MISC
dlink — dir-823g_firmware D-Link DIR823G 1.02B05 is vulnerable to Command Injection. 2022-11-22 9.8 CVE-2022-44201
MISC
MISC
dlink — dir-823g_firmware A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. 2022-11-22 9.8 CVE-2022-44808
MISC
MISC
dlink — dir-878_firmware D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. 2022-11-22 9.8 CVE-2022-44202
MISC
MISC
dlink — dir-878_firmware D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. 2022-11-22 9.8 CVE-2022-44801
MISC
MISC
dlink — dir-882_firmware D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. 2022-11-22 9.8 CVE-2022-44804
MISC
MISC
dlink — dir-882_firmware D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. 2022-11-22 9.8 CVE-2022-44806
MISC
MISC
dlink — dir-882_firmware D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. 2022-11-22 9.8 CVE-2022-44807
MISC
MISC
dolibarr — dolibarr_erp\/crm SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization’s systems, leading to a long-term compromise that can go unnoticed for an extended period. This affects 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected. 2022-11-21 9.8 CVE-2022-4093
MISC
CONFIRM
drachtio — drachtio-server drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. 2022-11-18 9.8 CVE-2022-45474
MISC
CONFIRM
dwbooster — appointment_hour_booking Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. 2022-11-18 8.8 CVE-2022-41692
CONFIRM
emerson — proficy Emerson Electric’s Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. 2022-11-22 7.8 CVE-2022-2791
MISC
event_registration_application_project — event_registration_application Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. 2022-11-21 7.8 CVE-2022-44830
MISC
expresstech — quiz_and_survey_master Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 9.8 CVE-2022-41652
CONFIRM
expresstech — quiz_and_survey_master Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 7.5 CVE-2022-42883
CONFIRM
fastify — fastify Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as “application/x-www-form-urlencoded”, “multipart/form-data”, or “text/plain”, could potentially be used to invoke routes that only accept `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in version 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf`. 2022-11-22 8.8 CVE-2022-41919
MISC
MISC
CONFIRM
fluenx — deepl_pro_api_translation The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information in its log files (which are publicly accessible), including DeepL API key. 2022-11-21 7.5 CVE-2022-3691
CONFIRM
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-32774
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-37332
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-38097
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-40129
MISC
free5gc — free5gc In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. 2022-11-18 7.5 CVE-2022-38871
MISC
freedesktop — xdg-utils When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. 2022-11-19 7.4 CVE-2022-4055
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. 2022-11-18 9.8 CVE-2022-41900
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 9.1 CVE-2022-41880
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 8.1 CVE-2022-41894
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41883
MISC
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41884
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41885
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41886
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. 2022-11-18 7.5 CVE-2022-41887
MISC
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41888
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41889
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41890
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41891
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results in a `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41893
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41895
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41896
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41897
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41898
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41899
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41901
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41907
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41908
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41909
CONFIRM
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a `const char*` array (since that’s the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41911
MISC
MISC
CONFIRM
gunkastudios — login_block_ips The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. 2022-11-21 7.5 CVE-2022-1579
CONFIRM
gvectors — wpdiscuz Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. 2022-11-18 8.8 CVE-2022-43492
CONFIRM
CONFIRM
installbuilder — installbuilder InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting this type of vulnerability generally requires that an attacker has access to a vulnerable machine to plant the malicious DLL. 2022-11-18 7.3 CVE-2022-31694
MISC
intelbras — sg_2404_poe_firmware INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. 2022-11-18 7.8 CVE-2022-43308
MISC
MISC
jetbrains — hub In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address 2022-11-18 7.5 CVE-2022-45471
MISC
karmasis — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to obtain critical information. 2022-11-18 7.5 CVE-2022-24037
CONFIRM
karmasis — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed. 2022-11-18 7.5 CVE-2022-24038
CONFIRM
klik-socialmediawebsite_project — klik-socialmediawebsite KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. 2022-11-22 8.8 CVE-2022-42098
MISC
MISC
MISC
MISC
lg — smart_share When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. 2022-11-21 7.8 CVE-2022-45422
MISC
librenms — librenms Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 9.8 CVE-2022-4070
MISC
CONFIRM
librenms — librenms Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 8.8 CVE-2022-3525
CONFIRM
MISC
linaro — lava In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. 2022-11-18 9.8 CVE-2022-45132
MISC
MISC
linux — linux_kernel There are use-after-free vulnerabilities in the Linux kernel’s net/bluetooth/l2cap_core.c’s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 2022-11-23 8.8 CVE-2022-42896
MISC
MISC
linux — linux_kernel Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 2022-11-22 7.8 CVE-2022-3910
MISC
MISC
maarch — maarch_rm Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. 2022-11-23 7.5 CVE-2022-37772
MISC
MISC
maggioli — appalti_\&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which are executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter. 2022-11-21 9.8 CVE-2022-44785
MISC
maggioli — appalti_\&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed services, there is the Axis AdminService, which, through the default configuration, should normally be accessible only by the localhost. Nevertheless, by trying to access the mentioned service, both in LFS and DL229, the service can actually be reached even by remote users, allowing creation of arbitrary services on the server side. When an attacker can reach the AdminService, they can use it to instantiate arbitrary services on the server. The exploit procedure is well known and described in Generic AXIS-SSRF exploitation. Basically, the attack consists of writing a JSP page inside the root directory of the web application, through the org.apache.axis.handlers.LogHandler class. 2022-11-21 8.8 CVE-2022-44784
MISC
maggioli — appalti_\&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application. 2022-11-21 7.5 CVE-2022-44786
MISC
maxfoundry — media_library_folders Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. 2022-11-18 8.8 CVE-2022-41634
CONFIRM
CONFIRM
miele_&_cie_kg — appwash An API Endpoint used by Miele’s “AppWash” MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users’ data by modifying a small part of an HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability. 2022-11-21 8.1 CVE-2022-3589
MISC
miniorange — google_authenticator Broken Access Control vulnerability in miniOrange’s Google Authenticator plugin <= 5.6.1 on WordPress. 2022-11-18 8.8 CVE-2022-42461
CONFIRM
miniorange — wordpress_rest_api_authentication Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. 2022-11-18 8.8 CVE-2022-45073
CONFIRM
mitel — micollab The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. 2022-11-22 9.8 CVE-2022-41326
MISC
MISC
my_wpdb_project — my_wpdb The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack. 2022-11-21 8.8 CVE-2022-1578
CONFIRM
ndk-design — ndkadvancedcustomizationfields ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. 2022-11-22 9.1 CVE-2022-40842
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. 2022-11-22 9.8 CVE-2022-44184
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. 2022-11-22 9.8 CVE-2022-44186
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. 2022-11-22 9.8 CVE-2022-44187
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. 2022-11-22 9.8 CVE-2022-44188
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. 2022-11-22 9.8 CVE-2022-44190
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. 2022-11-22 9.8 CVE-2022-44191
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute, endhour, and endminute. 2022-11-22 9.8 CVE-2022-44193
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. 2022-11-22 9.8 CVE-2022-44194
MISC
MISC
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. 2022-11-22 9.8 CVE-2022-44196
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. 2022-11-22 9.8 CVE-2022-44197
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. 2022-11-22 9.8 CVE-2022-44198
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. 2022-11-22 9.8 CVE-2022-44199
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. 2022-11-22 9.8 CVE-2022-44200
MISC
MISC
okfn — ckan CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts. 2022-11-22 8.8 CVE-2022-43685
MISC
MISC
optilinknetwork — op-xt71000n_firmware OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends arbitrary code via “/diag_ping_admin.asp” to the “PingTest” interface, which leads to command execution. An attacker can successfully trigger the command and compromise the full system. 2022-11-23 9.8 CVE-2020-23583
MISC
optilinknetwork — op-xt71000n_firmware Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using “|” to execute commands on “/diag_tracert_admin.asp” in the “PingTest” parameter that leads to command execution. 2022-11-23 9.8 CVE-2020-23584
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through “/mgm_dev_upgrade.asp”, which can be used to delete every file for Denial of Service (using ‘rm -rf *.*’ in the code), for a reverse connection (using an ‘.asp’ webshell), or as a backdoor. 2022-11-23 9.8 CVE-2020-23591
MISC
optilinknetwork — op-xt71000n_firmware A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for “mgm_config_file.asp”, because of which an attacker can create a crafted “csrf form” which sends “malicious xml data” to “/boaform/admin/formMgmConfigUpload”. The exploit allows the attacker to “gain full privileges” and to fully compromise the router and network. 2022-11-23 8.8 CVE-2020-23585
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ‘/mgm_dev_reset.asp’. Resetting to default leads to Escalation of Privileges by logging in with default credentials. 2022-11-23 8.8 CVE-2020-23592
MISC
oxilab — image_hover_effects_ultimate Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. 2022-11-18 7.2 CVE-2022-42459
CONFIRM
CONFIRM
parallels — remote_application_server The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. 2022-11-23 8.1 CVE-2022-40870
MISC
MISC
permalink_manager_lite_project — permalink_manager_lite Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. 2022-11-18 9.8 CVE-2022-41781
CONFIRM
pilz_gmbh_&_co._kg — pasvisu_server A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (‘zip-slip’). 2022-11-24 7.5 CVE-2022-40977
MISC
proftpd — proftpd mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. 2022-11-23 7.5 CVE-2021-46854
MISC
MISC
MISC
MISC
redhat — build_of_quarkus A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. 2022-11-22 9.8 CVE-2022-4116
MISC
ruby-lang — cgi The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. 2022-11-18 8.8 CVE-2021-33621
CONFIRM
sandhillsdev — easy_digital_downloads The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection. 2022-11-21 9.8 CVE-2022-3600
CONFIRM
sankhya — sankhya_om ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. 2022-11-22 9 CVE-2022-42989
MISC
MISC
MISC
silverstripe — framework Silverstripe silverstripe/framework through 4.11 allows SQL Injection. 2022-11-21 8.8 CVE-2022-38148
MISC
MISC
MISC
MISC
sourcegraph — sourcegraph Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0. 2022-11-22 7.8 CVE-2022-41942
CONFIRM
MISC
sourcegraph — sourcegraph sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0. 2022-11-22 7.2 CVE-2022-41943
MISC
CONFIRM
super_xray_project — super_xray super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta. 2022-11-22 7.8 CVE-2022-41950
CONFIRM
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. 2022-11-21 7.5 CVE-2022-44156
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer. 2022-11-21 7.5 CVE-2022-44167
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic. 2022-11-21 7.5 CVE-2022-44168
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. 2022-11-21 7.5 CVE-2022-44169
MISC
tenda — ac21_firmware Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function set_device_name. 2022-11-21 7.5 CVE-2022-44158
MISC
tenda — ac21_firmware Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. 2022-11-21 7.5 CVE-2022-44163
MISC
testng_project — testng A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. 2022-11-19 7.8 CVE-2022-4065
N/A
N/A
N/A
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. 2022-11-23 9.8 CVE-2022-44249
MISC
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. 2022-11-23 9.8 CVE-2022-44250
MISC
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. 2022-11-23 9.8 CVE-2022-44251
MISC
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. 2022-11-23 9.8 CVE-2022-44252
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. 2022-11-23 9.8 CVE-2022-44255
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. 2022-11-23 8.8 CVE-2022-44253
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. 2022-11-23 8.8 CVE-2022-44254
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. 2022-11-23 8.8 CVE-2022-44257
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. 2022-11-23 8.8 CVE-2022-44258
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. 2022-11-23 8.8 CVE-2022-44259
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. 2022-11-23 8.8 CVE-2022-44260
MISC
totolink — nr1800x_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. 2022-11-23 8.8 CVE-2022-44256
MISC
visztpeter — package_points_and_shipping_labels_for_woocommerce Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter’s Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. 2022-11-18 8.8 CVE-2022-41685
CONFIRM
CONFIRM
CONFIRM
CONFIRM
watchtowerhq — watchtower Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 9.1 CVE-2022-44584
CONFIRM
CONFIRM
watchtowerhq — watchtower Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 7.5 CVE-2022-44583
CONFIRM
CONFIRM
webence — iq_block_country Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. 2022-11-19 9.8 CVE-2022-41155
CONFIRM
CONFIRM
wedevs — wp_user_frontend The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin 2022-11-21 9.8 CVE-2021-24649
CONFIRM
wordplus — better_messages Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. 2022-11-19 8.8 CVE-2022-41609
CONFIRM
CONFIRM
zohocorp — manageengine_admanager_plus Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. 2022-11-18 7.2 CVE-2022-42904
MISC
zyxel — lte3301-m209_firmware A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. 2022-11-22 9.8 CVE-2022-40602
CONFIRM

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accessibility_project — accessibility Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. 2022-11-18 4.8 CVE-2022-41643
CONFIRM
CONFIRM
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. 2022-11-22 4.9 CVE-2022-45529
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. 2022-11-22 4.9 CVE-2022-45535
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. 2022-11-22 4.9 CVE-2022-45536
MISC
MISC
agilelogix — store_locator Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. 2022-11-18 6.1 CVE-2022-41615
CONFIRM
CONFIRM
algolplus — phone_orders_for_woocommerce Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. 2022-11-18 6.5 CVE-2022-41655
CONFIRM
CONFIRM
appsmith — appsmith Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. 2022-11-21 6.5 CVE-2022-4096
CONFIRM
MISC
awplife — event_monster The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack 2022-11-21 4.3 CVE-2022-3336
CONFIRM
backdropcms — backdrop Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the ‘Card’ content. 2022-11-22 4.8 CVE-2022-42094
MISC
MISC
MISC
MISC
backdropcms — backdrop Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via ‘Comment’. 2022-11-22 4.8 CVE-2022-42097
MISC
MISC
MISC
MISC
backdropcms — backdrop_cms Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. 2022-11-21 4.8 CVE-2022-42096
MISC
MISC
MISC
MISC
blood_donor_management_system_project — blood_donor_management_system Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. 2022-11-21 4.8 CVE-2022-40470
MISC
booster — booster_for_woocommerce The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite) 2022-11-21 6.5 CVE-2022-3762
CONFIRM
booster — booster_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. 2022-11-18 4.3 CVE-2022-41805
CONFIRM
caehealthcare — learningspace_enterprise CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. 2022-11-23 5.4 CVE-2022-45472
MISC
MISC
clevelandwebdeveloper — spacer The Spacer WordPress plugin before 3.0.7 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2022-11-21 4.8 CVE-2022-3618
CONFIRM
code-atlantic — popup_maker The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-11-21 4.8 CVE-2022-3690
CONFIRM
codenotary — immudb immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server’s UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A malicious server can change the reported UUID tricking the client to treat it as a different server thus accepting a state completely irrelevant to the one previously retrieved from the server. This issue has been patched in version 1.4.1. As a workaround, when initializing an immudb client object a custom state handler can be used to store the state. Providing custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, client will still consider it to be the same server. 2022-11-22 5.9 CVE-2022-39199
MISC
CONFIRM
codenotary — immudb immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1. 2022-11-23 5.3 CVE-2022-36111
MISC
MISC
CONFIRM
MISC
drachtio — drachtio-server In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. 2022-11-18 5.5 CVE-2022-45473
MISC
CONFIRM
elastic — kibana An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. 2022-11-18 6.1 CVE-2021-22141
MISC
MISC
elastic — kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. 2022-11-18 5.4 CVE-2021-37936
MISC
MISC
evaluate_project — evaluate The Evaluate WordPress plugin through 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2022-11-21 4.8 CVE-2022-3753
CONFIRM
expresstech — quiz_and_survey_master Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 6.1 CVE-2022-40698
CONFIRM
fivestarplugins — five_star_restaurant_reservations The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments 2022-11-21 6.1 CVE-2022-0421
CONFIRM
flarum — flarum Flarum is an open source discussion platform. Flarum’s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. 2022-11-19 5.4 CVE-2022-41938
CONFIRM
MISC
MISC
ibm — datapower_gateway IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527. 2022-11-22 5.4 CVE-2022-40228
MISC
MISC
ibm — i_access_client_solutions IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. 2022-11-21 6.7 CVE-2022-40746
MISC
MISC
inkthemes — ask_me The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. 2022-11-21 4.7 CVE-2022-3750
CONFIRM
kiwitcms — kiwi_tcms A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. 2022-11-21 5.4 CVE-2022-4105
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 6.1 CVE-2022-3516
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 6.1 CVE-2022-3561
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 5.4 CVE-2022-3562
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 5.4 CVE-2022-4067
MISC
CONFIRM
librenms — librenms Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 4.8 CVE-2022-4069
MISC
CONFIRM
linaro — lava In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. 2022-11-18 6.5 CVE-2022-44641
MISC
linux — linux_kernel There is an infoleak vulnerability in the Linux kernel’s net/bluetooth/l2cap_core.c’s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e 2022-11-23 5.5 CVE-2022-42895
MISC
MISC
maarch — maarch_rm An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. 2022-11-23 6.5 CVE-2022-37773
MISC
MISC
maarch — maarch_rm There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document’s URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. 2022-11-23 5.3 CVE-2022-37774
MISC
MISC
maggioli — appalti_\&_contratti An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login. 2022-11-21 6.5 CVE-2022-44788
MISC
maggioli — appalti_\&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized. 2022-11-21 6.1 CVE-2022-44787
MISC
matrix — synapse Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file. 2022-11-22 5.3 CVE-2022-41952
CONFIRM
MISC
MISC
MISC
MISC
mattermost — mattermost A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. 2022-11-23 6.5 CVE-2022-4019
MISC
MISC
mattermost — mattermost A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. 2022-11-23 6.5 CVE-2022-4044
MISC
MISC
mattermost — mattermost A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. 2022-11-23 6.5 CVE-2022-4045
MISC
microfocus — filr A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. 2022-11-21 5.3 CVE-2022-38755
MISC
mitel — mivoice_connect A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. 2022-11-22 6.8 CVE-2022-40765
MISC
MISC
mitel — mivoice_connect The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. 2022-11-22 6.8 CVE-2022-41223
MISC
MISC
moodle — moodle A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes arbitrary HTML and script code in the user’s browser in the context of the vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and modify web pages. 2022-11-23 6.1 CVE-2022-45150
MISC
MISC
MISC
moodle — moodle A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user’s CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. 2022-11-23 5.4 CVE-2022-45149
MISC
MISC
MISC
moodle — moodle The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several “social” user profile fields. An attacker could inject and execute arbitrary HTML and script code in user’s browser in context of vulnerable website. 2022-11-23 5.4 CVE-2022-45151
MISC
MISC
MISC
mybb — mybb MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data. 2022-11-22 6.1 CVE-2022-43707
MISC
MISC
mybb — mybb MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability (issue 2 of 2) in the post Attachments interface that allows attackers to inject HTML by persuading the user to upload a file with a specially crafted name. 2022-11-22 6.1 CVE-2022-43708
MISC
MISC
mybb — mybb MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP’s Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings. 2022-11-22 4.9 CVE-2022-43709
MISC
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in the “/admin/wlmultipleap.asp” of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. 2022-11-21 6.5 CVE-2020-23582
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through “/mgm_dev_reboot.asp”. 2022-11-23 6.5 CVE-2020-23589
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for “WLAN SSID” through “wlwpa.asp”. 2022-11-23 6.5 CVE-2020-23590
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to enable syslog mode through ‘/mgm_log_cfg.asp’. The system then starts to log events; in ‘Remote’ mode or ‘Both’ mode on the “Syslog — Configuration page”, it logs events and sends them to the remote syslog server IP and port. 2022-11-23 6.5 CVE-2020-23593
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule. 2022-11-23 4.3 CVE-2020-23586
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to “Enable or Disable Ports” and to “Change port number” through “/rmtacc.asp”. 2022-11-23 4.3 CVE-2020-23588
MISC
oxilab — accordions Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. 2022-11-18 4.8 CVE-2022-45082
CONFIRM
CONFIRM
password_storage_application_project — password_storage_application Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. 2022-11-21 5.4 CVE-2022-43117
MISC
MISC
pencidesign — soledad Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. 2022-11-18 5.4 CVE-2022-41788
CONFIRM
CONFIRM
pilz_gmbh_&_co._kg — multiple_products A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (‘zip-slip’). 2022-11-24 5.5 CVE-2022-40976
MISC
MISC
richplugins — plugin_for_google_reviews Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. 2022-11-18 4.3 CVE-2022-45369
CONFIRM
seppmail — seppmail The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address. 2022-11-18 6.1 CVE-2021-31739
MISC
silabs — zigbee_emberznet A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. 2022-11-18 6.5 CVE-2022-24939
MISC
MISC
silverstripe — framework Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. 2022-11-22 6.1 CVE-2022-38462
MISC
MISC
MISC
silverstripe — framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). 2022-11-21 5.4 CVE-2022-38146
MISC
MISC
MISC
MISC
socket — engine.io Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who use depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1. 2022-11-22 6.5 CVE-2022-41940
MISC
MISC
CONFIRM
teacher_record_management_system_project — teacher_record_management_system A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. 2022-11-22 4.8 CVE-2022-41445
MISC
MISC
MISC
MISC
themeum — wp_page_builder Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. 2022-11-18 5.4 CVE-2022-40963
CONFIRM
CONFIRM
tooljet — tooljet Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. 2022-11-22 6.5 CVE-2022-4111
MISC
CONFIRM
villatheme — s2w_-_import_shopify_to_woocommerce Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. 2022-11-18 4.9 CVE-2022-44634
CONFIRM
CONFIRM
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. 2022-11-21 4.8 CVE-2022-45012
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. 2022-11-21 4.8 CVE-2022-45013
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. 2022-11-21 4.8 CVE-2022-45014
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. 2022-11-21 4.8 CVE-2022-45015
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. 2022-11-21 4.8 CVE-2022-45016
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. 2022-11-21 4.8 CVE-2022-45017
MISC
MISC
MISC
webartesanal — mantenimiento_web Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. 2022-11-18 6.1 CVE-2022-38075
CONFIRM
wire — wire Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. 2022-11-18 4.7 CVE-2022-43673
MISC
MISC
wordplus — better_messages Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. 2022-11-18 6.5 CVE-2022-40216
CONFIRM
CONFIRM
wp-polls_project — wp-polls The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. 2022-11-21 5.3 CVE-2022-1581
MISC
CONFIRM
wpbrigade — loginpress Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. 2022-11-18 5.3 CVE-2022-41839
CONFIRM
wpchill — customizable_wordpress_gallery_plugin_-_modula_image_gallery Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. 2022-11-18 5.3 CVE-2022-41135
CONFIRM
wpml — wpml Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. 2022-11-18 4.3 CVE-2022-38974
CONFIRM
yikesinc — custom_product_tabs_for_woocommerce Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. 2022-11-18 4.8 CVE-2022-43463
CONFIRM

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dalli_project — dalli A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability. 2022-11-19 3.7 CVE-2022-4064
MISC
MISC
MISC
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack that enables a man-in-the-middle attack by adding New Routes in RoutingConfiguration on “/routing.asp”. 2022-11-23 3.1 CVE-2020-23587
MISC
wp-polls_project — wp-polls Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. 2022-11-18 3.1 CVE-2022-40130
CONFIRM
CONFIRM

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
airbnb — optica A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`. 2022-11-23 not yet calculated CVE-2022-41875
CONFIRM
MISC
MISC
amasty — amasty_blog Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. 2022-11-23 not yet calculated CVE-2022-35500
MISC
MISC
amasty — amasty_blog_pro Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. 2022-11-23 not yet calculated CVE-2022-35501
MISC
MISC

apache — dolphinscheduler When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. 2022-11-24 not yet calculated CVE-2022-26885
MISC
apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. 2022-11-22 not yet calculated CVE-2022-40189
MISC
MISC
apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed. 2022-11-22 not yet calculated CVE-2022-41131
MISC
MISC
apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed. 2022-11-22 not yet calculated CVE-2022-40954
MISC
MISC

apache — airflow_pinot_provider Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. 2022-11-22 not yet calculated CVE-2022-38649
MISC
MISC
artifex — mujs A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. 2022-11-23 not yet calculated CVE-2022-44789
MISC
MISC
CONFIRM
asith-eranga — isic_tour File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. 2022-11-22 not yet calculated CVE-2022-30529
MISC
MISC
automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to arbitrary file deletion via /asms/classes/Master.php?f=delete_img. 2022-11-23 not yet calculated CVE-2022-44280
MISC
automotive_shop_management_system — automotive_shop_management_system  Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. 2022-11-25 not yet calculated CVE-2022-44858
MISC
automotive_shop_management_system — automotive_shop_management_system  Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. 2022-11-25 not yet calculated CVE-2022-44859
MISC
automotive_shop_management_system — automotive_shop_management_system  Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. 2022-11-25 not yet calculated CVE-2022-44860
MISC
backdrop_cms — backdrop_cms Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. 2022-11-23 not yet calculated CVE-2022-42095
MISC
MISC
MISC
MISC
MISC
badaso — badaso Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 2022-11-25 not yet calculated CVE-2022-41705
MISC
MISC

basercms — basercms BaserCMS is a content management system with a Japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability. 2022-11-25 not yet calculated CVE-2022-39325
CONFIRM
MISC
MISC
bat-c2 — bat-c2 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor’s ID is BSECV-2022-21. 2022-11-25 not yet calculated CVE-2022-40282
MISC
boa — boa Boa 0.94.14rc21 is vulnerable to SQL Injection via username. 2022-11-23 not yet calculated CVE-2022-44117
MISC
book_store_management_system — book_store_management_system Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. 2022-11-25 not yet calculated CVE-2022-45225
MISC
bouncy_castle — bc-fja An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. 2022-11-21 not yet calculated CVE-2022-45146
MISC
CONFIRM

churchinfo — churchinfo CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server. 2022-11-23 not yet calculated CVE-2021-43258
MISC
MISC
MISC
codeigniter — codeigniter An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. 2022-11-23 not yet calculated CVE-2022-41446
MISC
MISC
MISC
MISC
dedecmdv6 — dedecmdv6 dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. 2022-11-23 not yet calculated CVE-2022-43196
MISC

dedecmdv6 — dedecmdv6 dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. 2022-11-23 not yet calculated CVE-2022-44118
MISC

dedecmdv6 — dedecmdv6 dedecmdv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php. 2022-11-23 not yet calculated CVE-2022-44120
MISC
drachtio — drachtio-server drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request. 2022-11-26 not yet calculated CVE-2022-45909
MISC
etms — ondiskplayeragent Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. 2022-11-25 not yet calculated CVE-2022-41156
MISC
eyoom — eyoom_builder Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. 2022-11-25 not yet calculated CVE-2022-41158
MISC
eyoucms — eyoucms A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-11-23 not yet calculated CVE-2022-45280
MISC

f-secure — endpoint_protection In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. 2022-11-25 not yet calculated CVE-2022-38166
MISC
filecloud — filecloud FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. 2022-11-23 not yet calculated CVE-2022-39833
CONFIRM
MISC
fortiguard_labs — multiple_products An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. 2022-11-25 not yet calculated CVE-2022-38377
MISC
frappe — frappe Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. 2022-11-25 not yet calculated CVE-2022-41712
MISC
MISC
github — enterprise_server CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. 2022-11-23 not yet calculated CVE-2022-23740
MISC
google — chrome Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 2022-11-25 not yet calculated CVE-2022-4135
MISC
MISC
grails — grails_spring_security_core Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions 1.x; 2.x; >=3.0.0 <3.3.2; >=4.0.0 <4.0.5; >=5.0.0 <5.1.1. We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: `AnnotationFilterInvocationDefinition`, `InterceptUrlMapFilterInvocationDefinition`, or `RequestmapFilterInvocationDefinition`. In each case, the subclass should override the `calculateUri` method like so: `@Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) }`. This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecate the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available for version 2.x of the GSSC plugin. 2022-11-23 not yet calculated CVE-2022-41923
CONFIRM
MISC
MISC

h2 — database_engine The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states “This is not a vulnerability of H2 Console … Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.” 2022-11-23 not yet calculated CVE-2022-45868
MISC
MISC

hewlett_packard_enterprise — netbatch-plus A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. 2022-11-22 not yet calculated CVE-2022-37931
MISC
hitachi_energy — multiple_products An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role. 2022-11-21 not yet calculated CVE-2022-3388
MISC
hitachi_energy — pcm600 A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. 2022-11-22 not yet calculated CVE-2022-2513
MISC

human_resource_management_system — human_resource_management_system Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. 2022-11-25 not yet calculated CVE-2022-45218
MISC
MISC

insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. 2022-11-22 not yet calculated CVE-2022-35407
MISC
MISC

insyde — insydeh2o A stack buffer overflow vulnerability that leads to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code. 2022-11-21 not yet calculated CVE-2022-35897
MISC
MISC
insyde — insydeh2o In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: “In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.” 2022-11-22 not yet calculated CVE-2022-36227
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. 2022-11-23 not yet calculated CVE-2022-36337
MISC
MISC
ipxe — ipxe A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. 2022-11-21 not yet calculated CVE-2022-4087
MISC
MISC

iterm2 — iterm2

iTerm2 before 3.4.18 mishandles a DECRQSS response. 2022-11-23 not yet calculated CVE-2022-45872
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. 2022-11-25 not yet calculated CVE-2022-45205
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. 2022-11-25 not yet calculated CVE-2022-45206
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. 2022-11-25 not yet calculated CVE-2022-45207
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. 2022-11-25 not yet calculated CVE-2022-45208
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. 2022-11-25 not yet calculated CVE-2022-45210
MISC
MISC
jizhicms — jizhicms An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html 2022-11-23 not yet calculated CVE-2021-29334
MISC
jizhicms — jizhicms Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. 2022-11-23 not yet calculated CVE-2022-44140
MISC
jizhicms — jizhicms Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. 2022-11-23 not yet calculated CVE-2022-45278
MISC
keylime — keylime A vulnerability was found in keylime. In some circumstances, due to some improperly handled exceptions, a rogue agent could create errors on the verifier that stop attestation attempts for that host, leaving it in an attested state while it is no longer being verified. 2022-11-22 not yet calculated CVE-2022-3500
MISC
MISC
knime — analytics_platform A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user’s system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It’s not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user’s system, though. 2022-11-24 not yet calculated CVE-2022-44749
MISC

knime — server

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server’s file system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server’s file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor’s operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised. 2022-11-24 not yet calculated CVE-2022-44748
MISC
librenms — librenms/librenms A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin’s account. 2022-11-20 not yet calculated CVE-2022-4068
MISC
CONFIRM
libxml2 — libxml2 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. 2022-11-23 not yet calculated CVE-2022-40303
MISC
MISC
libxml2 — libxml2 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. 2022-11-23 not yet calculated CVE-2022-40304
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. 2022-11-25 not yet calculated CVE-2022-45884
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. 2022-11-25 not yet calculated CVE-2022-45885
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. 2022-11-25 not yet calculated CVE-2022-45886
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. 2022-11-25 not yet calculated CVE-2022-45887
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. 2022-11-25 not yet calculated CVE-2022-45888
MISC
manage_engine — manage_engine Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. 2022-11-23 not yet calculated CVE-2022-40770
MISC
MISC
manage_engine — manage_engine
 
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. 2022-11-23 not yet calculated CVE-2022-40771
MISC
MISC
manage_engine — manage_engine
 
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. 2022-11-23 not yet calculated CVE-2022-40772
MISC
MISC
mcafee — total_protection McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. 2022-11-23 not yet calculated CVE-2022-43751
MISC
MISC

microweber — microweber

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. 2022-11-25 not yet calculated CVE-2022-0698
MISC
MISC

microweber — microweber

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. 2022-11-22 not yet calculated CVE-2022-33012
MISC
MISC
MISC
MISC
mitsubishi_electric — multiple_products Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending a specially crafted command. 2022-11-24 not yet calculated CVE-2022-40266
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29825
MISC
MISC

mitsubishi_electric — gx_works3

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29826
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29827
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29828
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29829
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally. 2022-11-25 not yet calculated CVE-2022-29830
MISC
MISC

mitsubishi_electric — gx_works3

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules. 2022-11-25 not yet calculated CVE-2022-29831
MISC
MISC

mitsubishi_electric — gx_works3

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules. 2022-11-25 not yet calculated CVE-2022-29832
MISC
MISC

mitsubishi_electric — gx_works3

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access MELSEC safety CPU modules illegally. 2022-11-25 not yet calculated CVE-2022-29833
MISC
MISC
mitsubishi_electric — multiple_products Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module. 2022-11-25 not yet calculated CVE-2022-25164
MISC
MISC
moodle — moodle A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle’s inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. 2022-11-25 not yet calculated CVE-2022-45152
MISC
MISC
MISC
mpxj — mpxj MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ’s use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched; MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access; this will prevent other users from accessing these temporary files. 2022-11-25 not yet calculated CVE-2022-41954
CONFIRM
MISC
nextcloud — nextcloud_desktop Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39331
MISC
MISC
CONFIRM
nextcloud — nextcloud_desktop Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39332
MISC
MISC
CONFIRM
nextcloud — nextcloud_desktop Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39333
MISC
CONFIRM
MISC
nextcloud — nextcloud_desktop Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A man-in-the-middle attack is possible if a user can be made to run a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability. 2022-11-25 not yet calculated CVE-2022-39334
MISC
CONFIRM
MISC
MISC
nextcloud — security-advisories user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser. 2022-11-25 not yet calculated CVE-2022-39338
CONFIRM
MISC
MISC
nextcloud — security-advisories user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text over HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings). 2022-11-25 not yet calculated CVE-2022-39339
MISC
MISC
CONFIRM
nextcloud — security-advisories Nextcloud server is an open source personal cloud server. Affected versions of Nextcloud server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39346
CONFIRM
MISC
MISC
nextcloud — security-advisories Nextcloud Talk Android is the Android OS implementation of the Nextcloud Talk chat system. In affected versions the receiver is not protected by broadcastPermission, allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-41926
MISC
CONFIRM
MISC

nxp — multiple_products

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) 2022-11-18 not yet calculated CVE-2022-45163
MISC
MISC
MISC

octopus_deploy — octopus_server

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain text when verbose logging is enabled. 2022-11-25 not yet calculated CVE-2022-2721
MISC
orchard — orchard_cms Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low privileged user, such as an author or publisher, can inject a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim’s browser. 2022-11-25 not yet calculated CVE-2022-37720
MISC
MISC
MISC
paddlepaddle — paddlepaddle In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. 2022-11-26 not yet calculated CVE-2022-45908
MISC
MISC
pgjdbc — pgjdbc pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix-like systems, but not macOS. On Unix-like systems, the system’s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability. 2022-11-23 not yet calculated CVE-2022-41946
MISC
CONFIRM
phpgurukul — blood_donor_management_system PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. 2022-11-25 not yet calculated CVE-2022-38813
MISC
MISC
MISC
MISC
pyro — pyrocms PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation. 2022-11-25 not yet calculated CVE-2022-37721
MISC
MISC
pytorch — pytorch In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. 2022-11-26 not yet calculated CVE-2022-45907
MISC
MISC
qmpaas — qmpaas/leadshop An exposed dangerous method which can lead to RCE in qmpaas/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. 2022-11-24 not yet calculated CVE-2022-4136
CONFIRM
MISC
qpress — qpress qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. 2022-11-23 not yet calculated CVE-2022-45866
MISC
MISC
MISC
MISC
MISC

qs — qs

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has “deps: [email protected]” in its release description, is not vulnerable). 2022-11-26 not yet calculated CVE-2022-24999
MISC
CONFIRM
CONFIRM
rizalafani — cms-php SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. 2022-11-23 not yet calculated CVE-2021-35284
MISC
sanitization_management_system — sanitization_management_system Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. 2022-11-23 not yet calculated CVE-2022-44278
MISC
schneider_electric — multiple_products A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) 2022-11-22 not yet calculated CVE-2022-0222
CONFIRM

schneider_electric — multiple_products

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) 2022-11-22 not yet calculated CVE-2022-37301
CONFIRM
seiko_epson_corporation — multiple_products The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. 2022-11-25 not yet calculated CVE-2022-36133
MISC
MISC
silverstripe — multiple_products Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. 2022-11-23 not yet calculated CVE-2022-38724
MISC
MISC
MISC
MISC
silverstripe — silverstripe/cms Silverstripe silverstripe/cms through 4.11.0 allows XSS. 2022-11-23 not yet calculated CVE-2022-37421
MISC
MISC
MISC
MISC
silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. 2022-11-23 not yet calculated CVE-2022-37429
MISC
MISC
MISC
MISC
silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). 2022-11-23 not yet calculated CVE-2022-37430
MISC
MISC
MISC
MISC

silverstripe — silverstripe/framework

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page’s meta description and getting it executed in the versioned history compare view. 2022-11-23 not yet calculated CVE-2022-38145
MISC
MISC
MISC
MISC

silverstripe — silverstripe/framework

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). 2022-11-23 not yet calculated CVE-2022-38147
MISC
MISC
MISC
MISC
solarwinds — ets The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users. 2022-11-23 not yet calculated CVE-2021-35246
MISC
MISC
MISC
solarwinds — sem This vulnerability discloses build and services versions in the server response header. 2022-11-23 not yet calculated CVE-2022-38113
MISC
MISC
solarwinds — sem This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. 2022-11-23 not yet calculated CVE-2022-38114
MISC
MISC
solarwinds — sem Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT 2022-11-23 not yet calculated CVE-2022-38115
MISC
MISC
sourcecodester — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. 2022-11-22 not yet calculated CVE-2022-43212
MISC
MISC
sourcecodester — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. 2022-11-23 not yet calculated CVE-2022-43213
MISC
MISC
sourcecodester — canteen_management_system
 
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. 2022-11-25 not yet calculated CVE-2022-4091
MISC
MISC
spatie — browsershot Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. 2022-11-25 not yet calculated CVE-2022-41706
MISC
MISC
spatie — browsershot Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol. 2022-11-25 not yet calculated CVE-2022-43983
MISC
MISC
spatie — browsershot Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. 2022-11-25 not yet calculated CVE-2022-43984
MISC
MISC
stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. 2022-11-24 not yet calculated CVE-2022-4088
MISC
MISC
stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324. 2022-11-24 not yet calculated CVE-2022-4089
MISC
MISC
stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. 2022-11-24 not yet calculated CVE-2022-4090
MISC
MISC
super-xray — super-xray super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. 2022-11-21 not yet calculated CVE-2022-41945
CONFIRM
MISC
super-xray — super-xray super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-41958
MISC
CONFIRM

systemd — systemd

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. 2022-11-23 not yet calculated CVE-2022-45873
MISC
MISC
MISC
tailscale — tailscale A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. 2022-11-23 not yet calculated CVE-2022-41924
CONFIRM
MISC
MISC
tailscale — tailscale A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then make peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue. 2022-11-23 not yet calculated CVE-2022-41925
CONFIRM
MISC
MISC

technitium_software — dns_server

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-21 not yet calculated CVE-2022-30257
MISC

technitium_software — dns_server

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-21 not yet calculated CVE-2022-30258
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. 2022-11-21 not yet calculated CVE-2022-44171
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. 2022-11-21 not yet calculated CVE-2022-44172
MISC

tenda — ac18

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. 2022-11-21 not yet calculated CVE-2022-44174
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. 2022-11-21 not yet calculated CVE-2022-44175
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. 2022-11-21 not yet calculated CVE-2022-44176
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. 2022-11-21 not yet calculated CVE-2022-44177
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB. 2022-11-21 not yet calculated CVE-2022-44178
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. 2022-11-21 not yet calculated CVE-2022-44180
MISC

tenda — ac18

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. 2022-11-21 not yet calculated CVE-2022-44183
MISC

tiny_file_manager — tiny_file_manager

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-23044
MISC
MISC
tiny_file_manager — tiny_file_manager Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-45475
MISC
MISC
tiny_file_manager — tiny_file_manager Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-45476
MISC
MISC

totolink — a7100ru

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. 2022-11-25 not yet calculated CVE-2022-44843
MISC

totolink — a7100ru

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. 2022-11-25 not yet calculated CVE-2022-44844
MISC
tu6ge — oss-rs aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected; the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1. 2022-11-22 not yet calculated CVE-2022-39397
MISC
CONFIRM
vim — vim/vim The target’s backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable. 2022-11-25 not yet calculated CVE-2022-4141
CONFIRM
MISC
vmware — open-vm-tools An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. 2022-11-23 not yet calculated CVE-2009-1142
MISC
MISC
vmware — open-vm-tools An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). 2022-11-23 not yet calculated CVE-2009-1143
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. 2022-11-25 not yet calculated CVE-2022-45036
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. 2022-11-25 not yet calculated CVE-2022-45037
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. 2022-11-25 not yet calculated CVE-2022-45038
MISC
wbce — wbce_cms An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-25 not yet calculated CVE-2022-45039
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. 2022-11-25 not yet calculated CVE-2022-45040
MISC
web_based_quiz_system — web_based_quiz_system Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users’ passwords via a bruteforce attack. 2022-11-25 not yet calculated CVE-2022-44411
MISC
webcash — serp_server A specific file on the sERP server of Kyungrinara (ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. 2022-11-25 not yet calculated CVE-2022-41157
MISC
wger — wger Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. 2022-11-24 not yet calculated CVE-2022-2650
CONFIRM
MISC

wind_river — vxworks

An issue was discovered in Wind River VxWorks 6.9 and 7 in which a specifically crafted packet sent by a Radius server may cause Denial of Service during the IP Radius access procedure. 2022-11-25 not yet calculated CVE-2022-38767
MISC
MISC
wordpress — wordpress The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above, to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc. 2022-11-21 not yet calculated CVE-2022-3861
MISC
MISC
MISC
wordpress — wordpress Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. 2022-11-22 not yet calculated CVE-2022-44737
MISC

wordpress — wordpress

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. 2022-11-22 not yet calculated CVE-2022-45363
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, set the right of the page Filter.WebHome and make sure only the main wiki administrators can view the application installed on main wiki, or edit the page and apply the changes described in commit fb49b4f. 2022-11-22 not yet calculated CVE-2022-41937
MISC
MISC
CONFIRM
xwiki — xwiki-platform
 
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It’s possible to patch existing instances directly by editing the page Main.Tags and adding this kind of check in the code for renaming and for deleting:
```
#if (!$services.csrf.isTokenValid($request.get('form_token')))
  #set ($discard = $response.sendError(401, "Wrong CSRF token"))
#end
```
2022-11-23 not yet calculated CVE-2022-41927
MISC
CONFIRM
xwiki — xwiki-platform
 
XWiki Platform is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below:
– 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
– 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
– 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
2022-11-23 not yet calculated CVE-2022-41928
CONFIRM
MISC
xwiki — xwiki-platform
 
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. 2022-11-23 not yet calculated CVE-2022-41929
CONFIRM
MISC
MISC
xwiki — xwiki-platform
 
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow a disabled user to re-enable themselves, or an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa. 2022-11-23 not yet calculated CVE-2022-41930
MISC
MISC
CONFIRM
xwiki — xwiki-platform
 
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes. 2022-11-23 not yet calculated CVE-2022-41931
MISC
MISC
CONFIRM
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-23 not yet calculated CVE-2022-41932
MISC
CONFIRM
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the “Forgot your password” link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities that allow leaking users’ personal data, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves informing the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password has been leaked, and a second email using the reset password feature to ask them to set a new password. It’s also possible for administrators to set some properties for the migration: it’s possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won’t be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords. 2022-11-23 not yet calculated CVE-2022-41933
MISC
MISC
MISC
CONFIRM
MISC
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate. 2022-11-23 not yet calculated CVE-2022-41934
CONFIRM
MISC
MISC
MISC
MISC
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, the patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue. 2022-11-23 not yet calculated CVE-2022-41935
CONFIRM
MISC
MISC
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user’s rights. Therefore, information hidden from unauthorized users is exposed through the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds. 2022-11-22 not yet calculated CVE-2022-41936
CONFIRM
MISC
MISC
yiisoft — yii
 
Versions of `yiisoft/yii` before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27. 2022-11-23 not yet calculated CVE-2022-41922
CONFIRM
MISC
yjcms — yjcms An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. 2022-11-23 not yet calculated CVE-2022-45276
MISC
yoroi — fusiondirectory Fusiondirectory 1.3 suffers from Improper Session Handling. 2022-11-22 not yet calculated CVE-2022-36179
MISC
MISC
yoroi — fusiondirectory Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. 2022-11-22 not yet calculated CVE-2022-36180
MISC
MISC
zte — mf286r There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. 2022-11-22 not yet calculated CVE-2022-39066
MISC

zte — mf286r

There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. 2022-11-22 not yet calculated CVE-2022-39067
MISC

zte — pon_olt

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. 2022-11-22 not yet calculated CVE-2022-39070
MISC