US-CERT Bulletin (SB22-255): Vulnerability Summary for the Week of September 5, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — airflow In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. 2022-09-02 not yet calculated CVE-2022-38054
CONFIRM
MLIST
apache — airflow In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. 2022-09-02 not yet calculated CVE-2022-38170
CONFIRM
MLIST
MLIST
apache — iotdb Apache IoTDB version 0.13.0 is vulnerable to a session ID attack. Users should upgrade to version 0.13.1, which addresses this issue. 2022-09-05 not yet calculated CVE-2022-38369
MISC
MLIST
apache — iotdb Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1, which addresses this issue. 2022-09-05 not yet calculated CVE-2022-38370
MISC
MLIST
apache — ofbiz Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. 2022-09-02 not yet calculated CVE-2022-25370
CONFIRM
MLIST
MLIST
apache — ofbiz Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. 2022-09-02 not yet calculated CVE-2022-25371
CONFIRM
MLIST
MLIST
apache — ofbiz In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message “Subject” field from the “Contact us” page. Then a party manager needs to list the communications in the party component to activate the SSTI. RCE is then possible. 2022-09-02 not yet calculated CVE-2022-25813
CONFIRM
MLIST
apache — ofbiz The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646. 2022-09-02 not yet calculated CVE-2022-29063
CONFIRM
MLIST
apache — ofbiz Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599. 2022-09-02 not yet calculated CVE-2022-29158
CONFIRM
MLIST
appsmith — appsmith Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. 2022-09-05 not yet calculated CVE-2022-39824
MISC
MISC
asp.net_core — miniblog.core Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. 2022-09-02 not yet calculated CVE-2022-37679
MISC
atlassian — jira The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint. 2022-09-05 not yet calculated CVE-2022-38367
MISC
MISC
avaya — ip_office_admin_lite_and_usb_creator A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. 2022-09-02 not yet calculated CVE-2021-25657
CONFIRM
bitdefender — bitdefender_gravityzone_console Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2. 2022-09-05 not yet calculated CVE-2022-2830
MISC
blackboard — learn Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. 2022-09-05 not yet calculated CVE-2022-39196
MISC
blogengine — blogengine BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. 2022-09-02 not yet calculated CVE-2022-36600
MISC
chatwoot — chatwoot Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. 2022-09-06 not yet calculated CVE-2022-2901
MISC
CONFIRM
cotonti — siena Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. 2022-09-05 not yet calculated CVE-2022-39839
MISC
cotonti — siena Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). 2022-09-05 not yet calculated CVE-2022-39840
MISC
databasir — databasir Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attacker to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. 2022-09-02 not yet calculated CVE-2022-31196
MISC
CONFIRM
MISC
dell — multiple_products Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. 2022-09-02 not yet calculated CVE-2022-34382
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. 2022-09-02 not yet calculated CVE-2022-34371
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. 2022-09-02 not yet calculated CVE-2022-34369
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. 2022-09-02 not yet calculated CVE-2022-34378
MISC
discourse — discourse Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. 2022-09-02 not yet calculated CVE-2022-37458
MISC
MISC
MISC
dokuwiki — dokuwiki Cross-site Scripting (XSS) – Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. 2022-09-05 not yet calculated CVE-2022-3123
MISC
CONFIRM
drakkan — sftpgo SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user’s password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. 2022-09-02 not yet calculated CVE-2022-36071
MISC
CONFIRM
drawio — drawio Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 20.2.8. 2022-09-05 not yet calculated CVE-2022-3127
CONFIRM
MISC
drawio — drawio Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. 2022-09-02 not yet calculated CVE-2022-3065
CONFIRM
MISC
gagliardetto — binary Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it’s possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice. 2022-09-02 not yet calculated CVE-2022-36078
CONFIRM
MISC
MISC
garage_management_system — garage_management_system An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. 2022-09-02 not yet calculated CVE-2022-36638
MISC
MISC
garage_management_system — garage_management_system Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. 2022-09-02 not yet calculated CVE-2022-36636
MISC
MISC
garage_management_system — garage_management_system Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. 2022-09-02 not yet calculated CVE-2022-36637
MISC
MISC
garage_management_system — garage_management_system A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 2022-09-02 not yet calculated CVE-2022-36639
MISC
MISC
geonetwork — geonetwork A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. 2022-09-05 not yet calculated CVE-2021-28398
MISC
CONFIRM
MISC
MISC
grafana — grafana_image_renderer Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). 2022-09-02 not yet calculated CVE-2022-31176
CONFIRM
MISC
hitachi — raid_manager_storage_replicationadapter OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. 2022-09-06 not yet calculated CVE-2022-34883
MISC
hitachi — raid_manager_storage_replicationadapter Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. 2022-09-06 not yet calculated CVE-2022-34882
MISC
ibm — 123elf_lotus_1-2-3 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document. 2022-09-05 not yet calculated CVE-2022-39843
MISC
MISC
kkfileview — kkfileview kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. 2022-09-02 not yet calculated CVE-2022-36593
MISC
libdwarf — libdwarf libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. 2022-09-02 not yet calculated CVE-2022-39170
MISC
MISC
libvnclient — libvnclient libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). 2022-09-02 not yet calculated CVE-2020-29260
MISC
linux — bluez BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. 2022-09-02 not yet calculated CVE-2022-39177
MISC
MISC
linux — bluez BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. 2022-09-02 not yet calculated CVE-2022-39176
MISC
MISC
linux — linux_kernel An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. 2022-09-02 not yet calculated CVE-2022-39189
MISC
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. 2022-09-02 not yet calculated CVE-2022-39190
MISC
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. 2022-09-05 not yet calculated CVE-2022-39842
MISC
MISC
linux — linux_kernel An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. 2022-09-02 not yet calculated CVE-2022-39188
MISC
MISC
MISC
MISC
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. 2022-09-02 not yet calculated CVE-2022-39194
MISC
modsecurity — owasp-modsecurity-crs Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. 2022-09-02 not yet calculated CVE-2020-22669
CONFIRM
MISC
mybatis — mapper Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. 2022-09-02 not yet calculated CVE-2022-36594
MISC
nodebb — nodebb NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. 2022-09-02 not yet calculated CVE-2022-36076
MISC
CONFIRM
MISC
online_food_ordering_system — online_food_ordering_system Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. 2022-09-02 not yet calculated CVE-2022-36759
MISC
otrs_ag — otrs An attacker might be able to execute malicious Perl code in the Template toolkit by having the admin install an unverified third-party package. 2022-09-05 not yet calculated CVE-2022-39051
CONFIRM
otrs_ag — otrs An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies to the usage of external data sources, e.g. database or LDAP. 2022-09-05 not yet calculated CVE-2022-39050
CONFIRM
otrs_ag — otrs An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. 2022-09-05 not yet calculated CVE-2022-39049
CONFIRM
pfsense — pfblockerng pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. 2022-09-05 not yet calculated CVE-2022-31814
MISC
MISC
pkuvcl — pkuvcl_davs2 PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. 2022-09-02 not yet calculated CVE-2022-36647
MISC
prestashop — prestashop This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator’s cookie. The issue is fixed in version 5.0.2. 2022-09-02 not yet calculated CVE-2022-35933
CONFIRM
MISC
pspp — pspp An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2022-09-05 not yet calculated CVE-2022-39832
MISC
pspp — pspp An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. 2022-09-05 not yet calculated CVE-2022-39831
MISC
publiccms — publiccms Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. 2022-09-02 not yet calculated CVE-2021-27693
MISC
MISC
qualcomm — snapdragon Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-25680
CONFIRM
qualcomm — snapdragon Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-22069
CONFIRM
qualcomm — snapdragon Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22096
CONFIRM
qualcomm — snapdragon Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35122
CONFIRM
qualcomm — snapdragon Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-09-02 not yet calculated CVE-2022-22080
CONFIRM
qualcomm — snapdragon Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-22070
CONFIRM
qualcomm — snapdragon Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22067
CONFIRM
qualcomm — snapdragon Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22099
CONFIRM
qualcomm — snapdragon An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-09-02 not yet calculated CVE-2022-22062
CONFIRM
qualcomm — snapdragon Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22061
CONFIRM
qualcomm — snapdragon Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22059
CONFIRM
qualcomm — snapdragon Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35108
CONFIRM
qualcomm — snapdragon Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35097
CONFIRM
qualcomm — snapdragon Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35132
CONFIRM
qualcomm — snapdragon Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35133
CONFIRM
qualcomm — snapdragon Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT 2022-09-02 not yet calculated CVE-2022-22097
CONFIRM
qualcomm — snapdragon Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22098
CONFIRM
qualcomm — snapdragon A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35135
CONFIRM
qualcomm — snapdragon Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25657
CONFIRM
qualcomm — snapdragon Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25668
CONFIRM
qualcomm — snapdragon Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35134
CONFIRM
qualcomm — snapdragon Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22101
CONFIRM
qualcomm — snapdragon Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22102
CONFIRM
qualcomm — snapdragon Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25659
CONFIRM
qualcomm — snapdragon Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22104
CONFIRM
qualcomm — snapdragon Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22106
CONFIRM
qualcomm — snapdragon Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35113
CONFIRM
qualcomm — snapdragon Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25658
CONFIRM
qualcomm — snapdragon Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22100
CONFIRM
qualcomm — snapdragon Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35109
CONFIRM
rosariosis — rosariosis Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. 2022-09-06 not yet calculated CVE-2022-2714
CONFIRM
MISC
samsung — mtower sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. 2022-09-05 not yet calculated CVE-2022-39830
MISC
MISC
MISC
samsung — mtower There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. 2022-09-05 not yet calculated CVE-2022-39829
MISC
MISC
MISC
samsung — mtower sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. 2022-09-05 not yet calculated CVE-2022-39828
MISC
MISC
MISC
snakeyaml — snakeyaml Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. 2022-09-05 not yet calculated CVE-2022-38749
MISC
MISC
snakeyaml — snakeyaml Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. 2022-09-05 not yet calculated CVE-2022-38750
MISC
MISC
snakeyaml — snakeyaml Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. 2022-09-05 not yet calculated CVE-2022-38751
MISC
MISC
snakeyaml — snakeyaml Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. 2022-09-05 not yet calculated CVE-2022-38752
MISC
MISC
sourcecodehero — sourcecodehero_erp_system_project A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability. 2022-09-04 not yet calculated CVE-2022-3118
MISC
MISC
sourcecodester — clinics_patient_management_system A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability. 2022-09-05 not yet calculated CVE-2022-3122
MISC
MISC
sourcecodester — clinics_patient_management_system A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847. 2022-09-05 not yet calculated CVE-2022-3120
MISC
MISC
sourcecodester — clinic’s_patient_management_system Clinic’s Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. 2022-09-02 not yet calculated CVE-2022-36609
MISC
sourcecodester — expense_management_system Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. 2022-09-02 not yet calculated CVE-2022-36754
MISC
sourcecodester — online_employee_leave_management_system A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. 2022-09-05 not yet calculated CVE-2022-3121
MISC
synapse — synapse Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. 2022-09-02 not yet calculated CVE-2022-31152
MISC
MISC
MISC
CONFIRM
systematic_fix_adapter — systematic_fix_adapter Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. 2022-09-05 not yet calculated CVE-2022-39838
MISC
MISC
MISC
telos_alliance — omnia_mpx_node A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. 2022-09-02 not yet calculated CVE-2022-36642
MISC
MISC
MISC
MISC
tinygltf — tinygltf The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751 2022-09-05 not yet calculated CVE-2022-3008
CONFIRM
CONFIRM
CONFIRM
CONFIRM
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0360. 2022-09-03 not yet calculated CVE-2022-3099
CONFIRM
MISC
wolfssl — wolfssl wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. 2022-09-02 not yet calculated CVE-2021-44718
MISC
MISC
wordpress — wordpress The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. 2022-09-05 not yet calculated CVE-2022-2083
MISC
MISC
wordpress — wordpress The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-09-05 not yet calculated CVE-2022-2271
MISC
wordpress — wordpress The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users 2022-09-05 not yet calculated CVE-2022-2376
MISC
wordpress — wordpress The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts 2022-09-05 not yet calculated CVE-2022-2543
MISC
wordpress — wordpress The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins 2022-09-05 not yet calculated CVE-2022-2565
MISC
wordpress — wordpress The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts 2022-09-05 not yet calculated CVE-2022-2597
MISC
wordpress — wordpress The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reported by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF 2022-09-05 not yet calculated CVE-2022-2657
MISC
wordpress — wordpress The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-09-05 not yet calculated CVE-2022-2775
MISC
zyxel — nas326 A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. 2022-09-06 not yet calculated CVE-2022-34747
CONFIRM