
CISA Releases Seven Industrial Control Systems Advisories

Original release date: November 29, 2022

CISA released seven (7) Industrial Control Systems (ICS) advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:


Vulnerability Summary for the Week of November 21, 2022

Original release date: November 28, 2022 | Last revised: November 29, 2022
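The entries that follow are NVD rows flattened to one line each (vendor and product, description, publication date, CVSS score, CVE ID, then the reference-type labels on their own lines). As an added example that is not part of the CISA bulletin, here is a small parser for that layout plus a triage filter; the three sample rows are copied from the table below, while the column regex and the 9.0 threshold are this example's own assumptions:

```python
import re
from dataclasses import dataclass

# One flattened row: "<vendor> — <product> <description> <YYYY-MM-DD> <score> <CVE-ID>".
# Vendor and product tokens contain no spaces; the description is everything in between.
ROW_RE = re.compile(
    r"^(?P<vendor>\S+) — (?P<product>\S+) (?P<description>.+?) "
    r"(?P<published>\d{4}-\d{2}-\d{2}) (?P<score>\d{1,2}\.\d) (?P<cve>CVE-\d{4}-\d{4,})$"
)
# NVD reference-type labels that follow a row on their own lines.
REF_TYPES = {"MISC", "CONFIRM", "MLIST"}


@dataclass
class Entry:
    vendor: str
    product: str
    description: str
    published: str
    score: float
    cve: str
    refs: list


def parse_bulletin(text):
    """Turn the flattened bulletin text into Entry objects, attaching reference labels to the preceding row."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in REF_TYPES:
            if entries:
                entries[-1].refs.append(line)
            continue
        m = ROW_RE.match(line)
        if m:
            entries.append(Entry(m["vendor"], m["product"], m["description"],
                                 m["published"], float(m["score"]), m["cve"], []))
    return entries


def triage(entries, min_score=9.0):
    """Entries at or above min_score, highest score first, ties broken by CVE ID."""
    return sorted((e for e in entries if e.score >= min_score), key=lambda e: (-e.score, e.cve))


# Sample rows copied from the table in this bulletin.
SAMPLE_ROWS = """\
2code — wpqa_builder The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks 2022-11-21 8.8 CVE-2022-3688
CONFIRM
apache — alarm_instance_management Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher 2022-11-23 9.8 CVE-2022-45462
CONFIRM
MLIST
billing_system_project — billing_system Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. 2022-11-22 9.8 CVE-2022-43214
MISC
MISC
"""

if __name__ == "__main__":
    for e in triage(parse_bulletin(SAMPLE_ROWS)):
        print(f"{e.score:4.1f} {e.cve:<16} {e.vendor}/{e.product} refs={e.refs}")
```

The regex anchors on the date, score and CVE ID at the end of the line, so descriptions containing version numbers such as "5.9" do not confuse it; rows the regex does not match are silently skipped, which is the behaviour you want when feeding it the whole bulletin with headings mixed in.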


High Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

Each entry below runs the first columns together on one line (vendor — product, description, publication date, CVSS score, CVE ID); the NVD reference types for the last column (CONFIRM, MISC, MLIST) follow on the next line(s).
2code — wpqa_builder The WPQA Builder WordPress plugin before 5.9 does not have a CSRF check when following and unfollowing users, which could allow attackers to make logged-in users perform such actions via CSRF attacks 2022-11-21 8.8 CVE-2022-3688
CONFIRM
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at category.php. This vulnerability allows attackers to access database information. 2022-11-22 7.5 CVE-2022-45330
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at post.php. This vulnerability allows attackers to access database information. 2022-11-22 7.5 CVE-2022-45331
MISC
MISC
apache — alarm_instance_management In Apache DolphinScheduler, alarm instance management has command injection when a specific command is configured. It is only reachable by logged-in users. We recommend you upgrade to version 2.0.6 or higher 2022-11-23 9.8 CVE-2022-45462
CONFIRM
MLIST
apache — hama ** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. 2022-11-21 7.5 CVE-2022-45470
MISC
MLIST
apartment_visitors_management_system_project — apartment_visitors_management_system Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. 2022-11-23 9.8 CVE-2022-44139
MISC
api2cart — api2cart_bridge_connector Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 9.8 CVE-2022-42497
CONFIRM
CONFIRM
api2cart — api2cart_bridge_connector Unauthenticated Arbitrary File Upload vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 9.8 CVE-2022-42698
CONFIRM
CONFIRM
arm — utgard_gpu_kernel_driver An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows a non-privileged user to make improper GPU processing operations to gain access to already freed memory. 2022-11-23 7.5 CVE-2022-34830
MISC
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_mechanic. 2022-11-18 7.2 CVE-2022-44378
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. 2022-11-18 7.2 CVE-2022-44379
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44413
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. 2022-11-18 7.2 CVE-2022-44414
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44415
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. 2022-11-18 7.2 CVE-2022-44820
MISC
awplife — event_monster The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users 2022-11-21 7.2 CVE-2022-3720
CONFIRM
beekeeperstudio — beekeeper-studio A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. 2022-11-21 9.6 CVE-2022-43143
MISC
billing_system_project — billing_system Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. 2022-11-22 9.8 CVE-2022-43214
MISC
MISC
billing_system_project — billing_system Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. 2022-11-22 9.8 CVE-2022-43215
MISC
MISC
booster — booster_for_woocommerce The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, and Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have a CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged-in shop manager or admin delete them via a CSRF attack 2022-11-21 8.1 CVE-2022-3763
CONFIRM
carel — boss_mini_firmware Carel Boss Mini 1.5.0 has Improper Access Control. 2022-11-18 9.9 CVE-2022-34827
MISC
MISC
ciphercoin — contact_form_7_database_addon The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection 2022-11-21 9.8 CVE-2022-3634
CONFIRM
clogica — seo_redirection Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. 2022-11-18 8.8 CVE-2022-40695
CONFIRM
CONFIRM
cncf — knative_func knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442 and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third parties; pinning the builder image to a specific content hash with a valid `lifecycle` image will also mitigate the attack. 2022-11-19 7.4 CVE-2022-41939
MISC
MISC
MISC
CONFIRM
codepeople — appointment_booking_calendar Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. 2022-11-18 8.8 CVE-2022-43482
CONFIRM
collne — welcart_e-commerce Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. 2022-11-18 9.8 CVE-2022-41840
CONFIRM
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40686
CONFIRM
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40687
CONFIRM
constantcontact — creative_mail Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-44740
CONFIRM
CONFIRM
dlink — dir-3060_firmware D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. 2022-11-18 9.8 CVE-2022-44204
MISC
MISC
dlink — dir-823g_firmware D-Link DIR823G 1.02B05 is vulnerable to Command Injection. 2022-11-22 9.8 CVE-2022-44201
MISC
MISC
dlink — dir-823g_firmware A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. 2022-11-22 9.8 CVE-2022-44808
MISC
MISC
dlink — dir-878_firmware D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. 2022-11-22 9.8 CVE-2022-44202
MISC
MISC
dlink — dir-878_firmware D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. 2022-11-22 9.8 CVE-2022-44801
MISC
MISC
dlink — dir-882_firmware D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow via the websRedirect function. 2022-11-22 9.8 CVE-2022-44804
MISC
MISC
dlink — dir-882_firmware D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow. 2022-11-22 9.8 CVE-2022-44806
MISC
MISC
dlink — dir-882_firmware D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow via webGetVarString. 2022-11-22 9.8 CVE-2022-44807
MISC
MISC
dolibarr — dolibarr_erp/crm Dolibarr ERP/CRM 16.0.1 and 16.0.2 contain a SQL injection vulnerability. The NVD description gives only the generic impact of SQL injection (unauthorized access to sensitive data such as passwords, card details or personal information, and in some cases a persistent backdoor into the affected system). Only 16.0.1 and 16.0.2 are affected; 16.0.0 or lower and 16.0.3 or higher are not affected 2022-11-21 9.8 CVE-2022-4093
MISC
CONFIRM
drachtio — drachtio-server drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. 2022-11-18 9.8 CVE-2022-45474
MISC
CONFIRM
dwbooster — appointment_hour_booking Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. 2022-11-18 8.8 CVE-2022-41692
CONFIRM
emerson — proficy Emerson Electric’s Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. 2022-11-22 7.8 CVE-2022-2791
MISC
event_registration_application_project — event_registration_application Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file. 2022-11-21 7.8 CVE-2022-44830
MISC
expresstech — quiz_and_survey_master Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 9.8 CVE-2022-41652
CONFIRM
expresstech — quiz_and_survey_master Sensitive Information Disclosure vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 7.5 CVE-2022-42883
CONFIRM
fastify — fastify Fastify is a web framework with minimal overhead and plugin architecture. An attacker can use an incorrect `Content-Type` to bypass the pre-flight check of `fetch`. `fetch()` requests whose Content-Type essence is "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain" could be used to invoke routes that only accept the `application/json` content type, thus bypassing any CORS protection, which could lead to a Cross-Site Request Forgery attack. This issue has been patched in versions 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf`. 2022-11-22 8.8 CVE-2022-41919
MISC
MISC
CONFIRM
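The Fastify entry above turns on one detail of the browser's CORS model: a cross-origin `fetch()` whose Content-Type essence is one of three form-style values is sent with no preflight, so a server that decides "is this JSON?" by anything looser than the parsed essence will happily run a JSON-only handler on a request the browser considered harmless. As an added illustration of that class, not Fastify's code, here is a lax matcher beside a strict one, with a simplified model of the preflight decision (only the safelisted header names and the Content-Type essence rule are modelled; value-length and byte restrictions are omitted). The forged request is constructed for the example:

```python
# Content-Type essences a browser sends cross-origin without an OPTIONS preflight.
NO_PREFLIGHT_ESSENCES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
# Request headers a browser may set without triggering a preflight (simplified).
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}


def get_header(headers, name):
    """Case-insensitive header lookup; empty string when absent."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return ""


def content_type_essence(header_value):
    """MIME essence of a Content-Type value: 'type/subtype', lowercased, parameters dropped."""
    return header_value.split(";", 1)[0].strip().lower()


def browser_sends_without_preflight(method, headers):
    """True when a browser would send this cross-origin request with no preflight."""
    if method.upper() not in {"GET", "HEAD", "POST"}:
        return False
    for name, value in headers.items():
        lname = name.lower()
        if lname not in SAFELISTED_HEADERS:
            return False  # any custom header forces a preflight
        if lname == "content-type" and content_type_essence(value) not in NO_PREFLIGHT_ESSENCES:
            return False
    return True


def lax_accepts_json(headers):
    """Vulnerable pattern (illustrative, not Fastify's implementation): substring match on the raw header."""
    return "application/json" in get_header(headers, "Content-Type").lower()


def strict_accepts_json(headers):
    """Hardened: compare only the parsed essence."""
    return content_type_essence(get_header(headers, "Content-Type")) == "application/json"


def route_outcome(method, headers, accepts):
    """What happens to a cross-origin request against a JSON-only route under a given checker."""
    if not browser_sends_without_preflight(method, headers):
        return "blocked-by-preflight"  # server sees OPTIONS first and can refuse the origin
    return "handled" if accepts(headers) else "rejected-415"


# Constructed request from a malicious page:
# fetch(target, {method: "POST", headers: {"Content-Type": "text/plain; x=application/json"},
#                body: '{"amount": 1000}', credentials: "include"})
FORGED = {"Content-Type": "text/plain; x=application/json"}

if __name__ == "__main__":
    print("lax   :", route_outcome("POST", FORGED, lax_accepts_json))
    print("strict:", route_outcome("POST", FORGED, strict_accepts_json))
```

The strict checker alone only restores the preflight for JSON routes; the advisory's workaround of a CSRF token (`@fastify/csrf`) is the defence that does not depend on the browser's safelist at all, and requiring a custom request header on state-changing routes has the same effect because any non-safelisted header forces a preflight.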
fluenx — deepl_pro_api_translation The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information in its log files (which are publicly accessible), including DeepL API key. 2022-11-21 7.5 CVE-2022-3691
CONFIRM
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-32774
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-37332
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-38097
MISC
foxit — pdf_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 2022-11-21 7.8 CVE-2022-40129
MISC
free5gc — free5gc In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. 2022-11-18 7.5 CVE-2022-38871
MISC
freedesktop — xdg-utils When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. 2022-11-19 7.4 CVE-2022-4055
MISC
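The xdg-utils entry above is a parsing problem: a mailto URL may carry arbitrary `name=value` headers after the `?`, and the handler forwarded ones it should have dropped. As an added example, not xdg-utils' own code, here is a mailto parser that keeps only an allowlist of headers and drops anything else (including any non-body header containing CR or LF, which would otherwise be header injection). The allowlist is an assumption built on RFC 2368's statement that only Subject, Keywords and Body are believed both safe and useful, plus the recipient fields a composer needs; the sample URLs are constructed:

```python
from urllib.parse import unquote

# Assumption: headers a mail composer may honour from a mailto URL.
SAFE_HEADERS = {"to", "cc", "subject", "keywords", "body"}


def parse_mailto(url):
    """Split a mailto URL into (headers, dropped).

    headers maps lowercase header name -> list of decoded values.
    dropped lists header names that were present but not forwarded.
    """
    if url[:7].lower() != "mailto:":
        raise ValueError("not a mailto URL")
    addr_part, _, query = url[7:].partition("?")
    headers, dropped = {}, []
    if addr_part:
        headers["to"] = [unquote(addr_part)]
    # Split on '&' and '=' before percent-decoding, as the URL grammar requires;
    # urllib's parse_qsl is avoided because it turns '+' into a space, which is
    # wrong for mailto addresses.
    for field in (query.split("&") if query else []):
        name, _, raw = field.partition("=")
        name = unquote(name).strip().lower()
        value = unquote(raw)
        if name not in SAFE_HEADERS:
            dropped.append(name)              # e.g. attachment=, which must never pass through
        elif name != "body" and ("\r" in value or "\n" in value):
            dropped.append(name)              # CR/LF in a header line is header injection
        else:
            headers.setdefault(name, []).append(value)
    return headers, dropped


if __name__ == "__main__":
    print(parse_mailto("mailto:alice@example.invalid?subject=Hi&attachment=file:///tmp/notes.txt"))
```

Body keeps its CR/LF because RFC 2368 encodes line breaks in the body as %0D%0A; every other header is a single line by construction, so a line break there can only be an attempt to smuggle a second header.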
google — tensorflow TensorFlow is an open source platform for machine learning. FractionalMaxPool and FractionalAvgPool do not validate `pooling_ratio`; an illegal value lets an attacker access heap memory outside the user's control, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. 2022-11-18 9.8 CVE-2022-41900
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 9.1 CVE-2022-41880
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 8.1 CVE-2022-41894
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41883
MISC
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41884
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41885
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41886
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. 2022-11-18 7.5 CVE-2022-41887
MISC
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41888
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41889
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41890
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41891
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results in a `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41893
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41895
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41896
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41897
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41898
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41899
CONFIRM
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41901
MISC
CONFIRM
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41907
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41908
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41909
CONFIRM
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a `const char*` array (since that’s the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 7.5 CVE-2022-41911
MISC
MISC
CONFIRM
gunkastudios — login_block_ips The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. 2022-11-21 7.5 CVE-2022-1579
CONFIRM
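The Login Block IPs entry above is the classic mistake of taking the client address from a request header: anything in `X-Forwarded-For` is chosen by whoever sent the request, so a blocked attacker simply supplies a fresh value per attempt. As an added example, not the plugin's code, here is the naive lookup beside one that only believes the header when the TCP peer is a configured reverse proxy, and then walks the chain from the right to find the first address a trusted proxy did not add. The trusted-proxy range and request samples are constructed:

```python
import ipaddress


def get_header(headers, name):
    """Case-insensitive header lookup; empty string when absent."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return ""


def naive_client_ip(remote_addr, headers):
    """Vulnerable pattern: believe the first X-Forwarded-For entry, whoever sent it."""
    xff = get_header(headers, "X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else remote_addr


def client_ip(remote_addr, headers, trusted_proxies):
    """Client address to use for rate limiting or login blocking.

    remote_addr     -- peer address of the TCP connection (the sender cannot pick this freely)
    headers         -- request headers; X-Forwarded-For is attacker-controlled unless a
                       trusted proxy appended to it
    trusted_proxies -- CIDR strings of reverse proxies allowed to set X-Forwarded-For
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    peer = ipaddress.ip_address(remote_addr)
    if not is_trusted(peer):
        return str(peer)  # direct connection: forwarding headers mean nothing

    hops = [h.strip() for h in get_header(headers, "X-Forwarded-For").split(",") if h.strip()]
    # Proxies append their upstream's address, so walk right to left: skip our own
    # proxies and stop at the first address that is not one of them. Anything further
    # left was supplied by the client and is ignored.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed header: fall back to the connection peer
        if not is_trusted(addr):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    spoof = {"X-Forwarded-For": "10.0.0.1"}
    print("naive :", naive_client_ip("203.0.113.5", spoof))
    print("strict:", client_ip("203.0.113.5", spoof, ["10.0.0.0/8"]))
```

The important property is that the answer never depends on a value the client chose: with no trusted proxy in front, the header is ignored outright, and behind a proxy only the rightmost untrusted hop counts, which is the address the proxy itself observed.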
gvectors — wpdiscuz Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. 2022-11-18 8.8 CVE-2022-43492
CONFIRM
CONFIRM
installbuilder — installbuilder InstallBuilder Qt installers built with versions prior to 22.10 try to load DLLs from the installer binary's parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer's parent directory and execute code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting this type of vulnerability generally requires that the attacker already has access to the vulnerable machine in order to plant the malicious DLL. 2022-11-18 7.3 CVE-2022-31694
MISC
intelbras — sg_2404_poe_firmware INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. 2022-11-18 7.8 CVE-2022-43308
MISC
MISC
jetbrains — hub In JetBrains Hub before 2022.3.15181, throttling was missing when sending emails to a particular email address 2022-11-18 7.5 CVE-2022-45471
MISC
karmasis — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to obtain critical information. 2022-11-18 7.5 CVE-2022-24037
CONFIRM
karmasis — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed. 2022-11-18 7.5 CVE-2022-24038
CONFIRM
klik-socialmediawebsite_project — klik-socialmediawebsite KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. 2022-11-22 8.8 CVE-2022-42098
MISC
MISC
MISC
MISC
lg — smart_share When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. 2022-11-21 7.8 CVE-2022-45422
MISC
librenms — librenms Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 9.8 CVE-2022-4070
MISC
CONFIRM
librenms — librenms Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 8.8 CVE-2022-3525
CONFIRM
MISC
linaro — lava In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. 2022-11-18 9.8 CVE-2022-45132
MISC
MISC
linux — linux_kernel There are use-after-free vulnerabilities in the Linux kernel’s net/bluetooth/l2cap_core.c l2cap_connect and l2cap_le_connect_req functions, which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker within Bluetooth range of the victim could execute code or leak kernel memory. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 2022-11-23 8.8 CVE-2022-42896
MISC
MISC
linux — linux_kernel Use-after-free vulnerability in the Linux kernel allows privilege escalation. An improper update of a reference count in io_uring leads to a use-after-free and local privilege escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file(), which improperly decreased the file's reference count (leading to use-after-free and local privilege escalation). Fixed files are permanently registered to the ring and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 2022-11-22 7.8 CVE-2022-3910
MISC
MISC
maarch — maarch_rm Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. 2022-11-23 7.5 CVE-2022-37772
MISC
MISC
maggioli — appalti_&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which are exploitable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter. 2022-11-21 9.8 CVE-2022-44785
MISC
maggioli — appalti_&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed services, there is the Axis AdminService, which, through the default configuration, should normally be accessible only by the localhost. Nevertheless, by trying to access the mentioned service, both in LFS and DL229, the service can actually be reached even by remote users, allowing creation of arbitrary services on the server side. When an attacker can reach the AdminService, they can use it to instantiate arbitrary services on the server. The exploit procedure is well known and described in Generic AXIS-SSRF exploitation. Basically, the attack consists of writing a JSP page inside the root directory of the web application, through the org.apache.axis.handlers.LogHandler class. 2022-11-21 8.8 CVE-2022-44784
MISC
maggioli — appalti_&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application. 2022-11-21 7.5 CVE-2022-44786
MISC
maxfoundry — media_library_folders Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. 2022-11-18 8.8 CVE-2022-41634
CONFIRM
CONFIRM
miele_&_cie_kg — appwash An API Endpoint used by Miele’s “AppWash” MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users’ data by modifying a small part of an HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability. 2022-11-21 8.1 CVE-2022-3589
MISC
miniorange — google_authenticator Broken Access Control vulnerability in miniOrange’s Google Authenticator plugin <= 5.6.1 on WordPress. 2022-11-18 8.8 CVE-2022-42461
CONFIRM
miniorange — wordpress_rest_api_authentication Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. 2022-11-18 8.8 CVE-2022-45073
CONFIRM
mitel — micollab The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. 2022-11-22 9.8 CVE-2022-41326
MISC
MISC
my_wpdb_project — my_wpdb The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack. 2022-11-21 8.8 CVE-2022-1578
CONFIRM
ndk-design — ndkadvancedcustomizationfields ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. 2022-11-22 9.1 CVE-2022-40842
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. 2022-11-22 9.8 CVE-2022-44184
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. 2022-11-22 9.8 CVE-2022-44186
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. 2022-11-22 9.8 CVE-2022-44187
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. 2022-11-22 9.8 CVE-2022-44188
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. 2022-11-22 9.8 CVE-2022-44190
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. 2022-11-22 9.8 CVE-2022-44191
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters starthour, startminute, endhour, and endminute. 2022-11-22 9.8 CVE-2022-44193
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. 2022-11-22 9.8 CVE-2022-44194
MISC
MISC
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. 2022-11-22 9.8 CVE-2022-44196
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. 2022-11-22 9.8 CVE-2022-44197
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. 2022-11-22 9.8 CVE-2022-44198
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. 2022-11-22 9.8 CVE-2022-44199
MISC
MISC
netgear — r7000p_firmware Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. 2022-11-22 9.8 CVE-2022-44200
MISC
MISC
okfn — ckan CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts. 2022-11-22 8.8 CVE-2022-43685
MISC
MISC
optilinknetwork — op-xt71000n_firmware OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on “/diag_ping_admin.asp” to “PingTest” interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system. 2022-11-23 9.8 CVE-2020-23583
MISC
optilinknetwork — op-xt71000n_firmware Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using “|” to execute commands on “/diag_tracert_admin.asp” in the “PingTest” parameter that leads to command execution. 2022-11-23 9.8 CVE-2020-23584
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through “/mgm_dev_upgrade.asp”, which can delete every file for Denial of Service (using ‘rm -rf *.*’ in the code), establish a reverse connection (using an ‘.asp’ webshell), or install a backdoor. 2022-11-23 9.8 CVE-2020-23591
MISC
optilinknetwork — op-xt71000n_firmware A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for “mgm_config_file.asp”, because of which an attacker can create a crafted “csrf form” which sends “malicious xml data” to “/boaform/admin/formMgmConfigUpload”. The exploit allows an attacker to “gain full privileges” and to “fully compromise of router & network”. 2022-11-23 8.8 CVE-2020-23585
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ‘/mgm_dev_reset.asp’. Resetting to default leads to Escalation of Privileges by logging in with default credentials. 2022-11-23 8.8 CVE-2020-23592
MISC
oxilab — image_hover_effects_ultimate Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. 2022-11-18 7.2 CVE-2022-42459
CONFIRM
CONFIRM
parallels — remote_application_server The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. 2022-11-23 8.1 CVE-2022-40870
MISC
MISC
permalink_manager_lite_project — permalink_manager_lite Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. 2022-11-18 9.8 CVE-2022-41781
CONFIRM
pilz_gmbh_&_co._kg — pasvisu_server A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (‘zip-slip’). 2022-11-24 7.5 CVE-2022-40977
MISC
proftpd — proftpd mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. 2022-11-23 7.5 CVE-2021-46854
MISC
MISC
MISC
MISC
redhat — build_of_quarkus A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. 2022-11-22 9.8 CVE-2022-4116
MISC
ruby-lang — cgi The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. 2022-11-18 8.8 CVE-2021-33621
CONFIRM
sandhillsdev — easy_digital_downloads The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection. 2022-11-21 9.8 CVE-2022-3600
CONFIRM
sankhya — sankhya_om ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. 2022-11-22 9 CVE-2022-42989
MISC
MISC
MISC
silverstripe — framework Silverstripe silverstripe/framework through 4.11 allows SQL Injection. 2022-11-21 8.8 CVE-2022-38148
MISC
MISC
MISC
MISC
sourcegraph — sourcegraph Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0. 2022-11-22 7.8 CVE-2022-41942
CONFIRM
MISC
sourcegraph — sourcegraph sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0. 2022-11-22 7.2 CVE-2022-41943
MISC
CONFIRM
super_xray_project — super_xray super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta. 2022-11-22 7.8 CVE-2022-41950
CONFIRM
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. 2022-11-21 7.5 CVE-2022-44156
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer. 2022-11-21 7.5 CVE-2022-44167
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic. 2022-11-21 7.5 CVE-2022-44168
MISC
tenda — ac15_firmware Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. 2022-11-21 7.5 CVE-2022-44169
MISC
tenda — ac21_firmware Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function set_device_name. 2022-11-21 7.5 CVE-2022-44158
MISC
tenda — ac21_firmware Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. 2022-11-21 7.5 CVE-2022-44163
MISC
testng_project — testng A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. 2022-11-19 7.8 CVE-2022-4065
N/A
N/A
N/A
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. 2022-11-23 9.8 CVE-2022-44249
MISC
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. 2022-11-23 9.8 CVE-2022-44250
MISC
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. 2022-11-23 9.8 CVE-2022-44251
MISC
totolink — lr350_firmware TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. 2022-11-23 9.8 CVE-2022-44252
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. 2022-11-23 9.8 CVE-2022-44255
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. 2022-11-23 8.8 CVE-2022-44253
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. 2022-11-23 8.8 CVE-2022-44254
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. 2022-11-23 8.8 CVE-2022-44257
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. 2022-11-23 8.8 CVE-2022-44258
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. 2022-11-23 8.8 CVE-2022-44259
MISC
totolink — lr350_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. 2022-11-23 8.8 CVE-2022-44260
MISC
totolink — nr1800x_firmware TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. 2022-11-23 8.8 CVE-2022-44256
MISC
visztpeter — package_points_and_shipping_labels_for_woocommerce Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter’s Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. 2022-11-18 8.8 CVE-2022-41685
CONFIRM
CONFIRM
CONFIRM
CONFIRM
watchtowerhq — watchtower Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 9.1 CVE-2022-44584
CONFIRM
CONFIRM
watchtowerhq — watchtower Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 7.5 CVE-2022-44583
CONFIRM
CONFIRM
webence — iq_block_country Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. 2022-11-19 9.8 CVE-2022-41155
CONFIRM
CONFIRM
wedevs — wp_user_frontend The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin 2022-11-21 9.8 CVE-2021-24649
CONFIRM
wordplus — better_messages Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. 2022-11-19 8.8 CVE-2022-41609
CONFIRM
CONFIRM
zohocorp — manageengine_admanager_plus Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. 2022-11-18 7.2 CVE-2022-42904
MISC
zyxel — lte3301-m209_firmware A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. 2022-11-22 9.8 CVE-2022-40602
CONFIRM
Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accessibility_project — accessibility Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. 2022-11-18 4.8 CVE-2022-41643
CONFIRM
CONFIRM
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at adminincludesedit_post.php. This vulnerability allows attackers to access database information. 2022-11-22 4.9 CVE-2022-45529
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at admincategories.php. This vulnerability allows attackers to access database information. 2022-11-22 4.9 CVE-2022-45535
MISC
MISC
aerocms_project — aerocms AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at adminpost_comments.php. This vulnerability allows attackers to access database information. 2022-11-22 4.9 CVE-2022-45536
MISC
MISC
agilelogix — store_locator Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. 2022-11-18 6.1 CVE-2022-41615
CONFIRM
CONFIRM
algolplus — phone_orders_for_woocommerce Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. 2022-11-18 6.5 CVE-2022-41655
CONFIRM
CONFIRM
appsmith — appsmith Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. 2022-11-21 6.5 CVE-2022-4096
CONFIRM
MISC
awplife — event_monster The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack 2022-11-21 4.3 CVE-2022-3336
CONFIRM
backdropcms — backdrop Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the ‘Card’ content. 2022-11-22 4.8 CVE-2022-42094
MISC
MISC
MISC
MISC
backdropcms — backdrop Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via ‘Comment’. 2022-11-22 4.8 CVE-2022-42097
MISC
MISC
MISC
MISC
backdropcms — backdrop_cms Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. 2022-11-21 4.8 CVE-2022-42096
MISC
MISC
MISC
MISC
blood_donor_management_system_project — blood_donor_management_system Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. 2022-11-21 4.8 CVE-2022-40470
MISC
booster — booster_for_woocommerce The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite) 2022-11-21 6.5 CVE-2022-3762
CONFIRM
booster — booster_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. 2022-11-18 4.3 CVE-2022-41805
CONFIRM
caehealthcare — learningspace_enterprise CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. 2022-11-23 5.4 CVE-2022-45472
MISC
MISC
clevelandwebdeveloper — spacer The Spacer WordPress plugin before 3.0.7 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2022-11-21 4.8 CVE-2022-3618
CONFIRM
code-atlantic — popup_maker The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-11-21 4.8 CVE-2022-3690
CONFIRM
codenotary — immudb immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use the server’s UUID to distinguish between different server instances so that the client can connect to different immudb instances and keep the state for multiple servers. The SDK does not validate this UUID and can accept any value reported by the server. A malicious server can change the reported UUID, tricking the client into treating it as a different server and thus accepting a state completely irrelevant to the one previously retrieved from the server. This issue has been patched in version 1.4.1. As a workaround, when initializing an immudb client object a custom state handler can be used to store the state. Providing a custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, the client will still consider it to be the same server. 2022-11-22 5.9 CVE-2022-39199
MISC
CONFIRM
codenotary — immudb immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1. 2022-11-23 5.3 CVE-2022-36111
MISC
MISC
CONFIRM
MISC
drachtio — drachtio-server In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. 2022-11-18 5.5 CVE-2022-45473
MISC
CONFIRM
elastic — kibana An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. 2022-11-18 6.1 CVE-2021-22141
MISC
MISC
elastic — kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. 2022-11-18 5.4 CVE-2021-37936
MISC
MISC
evaluate_project — evaluate The Evaluate WordPress plugin through 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2022-11-21 4.8 CVE-2022-3753
CONFIRM
expresstech — quiz_and_survey_master Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 6.1 CVE-2022-40698
CONFIRM
fivestarplugins — five_star_restaurant_reservations The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments 2022-11-21 6.1 CVE-2022-0421
CONFIRM
flarum — flarum Flarum is an open source discussion platform. Flarum’s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. 2022-11-19 5.4 CVE-2022-41938
CONFIRM
MISC
MISC
ibm — datapower_gateway IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527. 2022-11-22 5.4 CVE-2022-40228
MISC
MISC
ibm — i_access_client_solutions IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. 2022-11-21 6.7 CVE-2022-40746
MISC
MISC
inkthemes — ask_me The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. 2022-11-21 4.7 CVE-2022-3750
CONFIRM
kiwitcms — kiwi_tcms A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. 2022-11-21 5.4 CVE-2022-4105
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 6.1 CVE-2022-3516
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 6.1 CVE-2022-3561
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 5.4 CVE-2022-3562
CONFIRM
MISC
librenms — librenms Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 5.4 CVE-2022-4067
MISC
CONFIRM
librenms — librenms Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0. 2022-11-20 4.8 CVE-2022-4069
MISC
CONFIRM
linaro — lava In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. 2022-11-18 6.5 CVE-2022-44641
MISC
linux — linux_kernel There is an infoleak vulnerability in the Linux kernel’s net/bluetooth/l2cap_core.c’s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e 2022-11-23 5.5 CVE-2022-42895
MISC
MISC
maarch — maarch_rm An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. 2022-11-23 6.5 CVE-2022-37773
MISC
MISC
maarch — maarch_rm There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document’s URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. 2022-11-23 5.3 CVE-2022-37774
MISC
MISC
maggioli — appalti_&_contratti An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login. 2022-11-21 6.5 CVE-2022-44788
MISC
maggioli — appalti_&_contratti An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized. 2022-11-21 6.1 CVE-2022-44787
MISC
matrix — synapse Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file. 2022-11-22 5.3 CVE-2022-41952
CONFIRM
MISC
MISC
MISC
MISC
mattermost — mattermost A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. 2022-11-23 6.5 CVE-2022-4019
MISC
MISC
mattermost — mattermost A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. 2022-11-23 6.5 CVE-2022-4044
MISC
MISC
mattermost — mattermost A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. 2022-11-23 6.5 CVE-2022-4045
MISC
microfocus — filr A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. 2022-11-21 5.3 CVE-2022-38755
MISC
mitel — mivoice_connect A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. 2022-11-22 6.8 CVE-2022-40765
MISC
MISC
mitel — mivoice_connect The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. 2022-11-22 6.8 CVE-2022-41223
MISC
MISC
moodle — moodle A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes arbitrary HTML and script code in the user’s browser in the context of the vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and to modify web pages. 2022-11-23 6.1 CVE-2022-45150
MISC
MISC
MISC
moodle — moodle A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in the course redirect URL. A user’s CSRF token was unnecessarily included in the URL when being redirected to a course they had just restored. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. 2022-11-23 5.4 CVE-2022-45149
MISC
MISC
MISC
moodle — moodle A stored XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several “social” user profile fields. An attacker could inject and execute arbitrary HTML and script code in the user’s browser in the context of the vulnerable website. 2022-11-23 5.4 CVE-2022-45151
MISC
MISC
MISC
mybb — mybb MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data. 2022-11-22 6.1 CVE-2022-43707
MISC
MISC
mybb — mybb MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability (issue 2 of 2) in the post Attachments interface that allows attackers to inject HTML by persuading the user to upload a file with a specially crafted name. 2022-11-22 6.1 CVE-2022-43708
MISC
MISC
mybb — mybb MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP’s Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings. 2022-11-22 4.9 CVE-2022-43709
MISC
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in the “/admin/wlmultipleap.asp” of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. 2022-11-21 6.5 CVE-2020-23582
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by rebooting the router through “/mgm_dev_reboot.asp”. 2022-11-23 6.5 CVE-2020-23589
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for “WLAN SSID” through “wlwpa.asp”. 2022-11-23 6.5 CVE-2020-23590
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to enable syslog mode through “/mgm_log_cfg.asp”. The system then starts to log events; ‘Remote’ mode or ‘Both’ mode on the “Syslog — Configuration” page logs events and sends them to the remote syslog server IP and port. 2022-11-23 6.5 CVE-2020-23593
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule. 2022-11-23 4.3 CVE-2020-23586
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to “Enable or Disable Ports” and to “Change port number” through “/rmtacc.asp”. 2022-11-23 4.3 CVE-2020-23588
MISC
oxilab — accordions Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. 2022-11-18 4.8 CVE-2022-45082
CONFIRM
CONFIRM
password_storage_application_project — password_storage_application Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. 2022-11-21 5.4 CVE-2022-43117
MISC
MISC
pencidesign — soledad Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. 2022-11-18 5.4 CVE-2022-41788
CONFIRM
CONFIRM
pilz_gmbh_&_co._kg — multiple_products A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes (‘zip-slip’). 2022-11-24 5.5 CVE-2022-40976
MISC
MISC
richplugins — plugin_for_google_reviews Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. 2022-11-18 4.3 CVE-2022-45369
CONFIRM
seppmail — seppmail The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address. 2022-11-18 6.1 CVE-2021-31739
MISC
silabs — zigbee_emberznet A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This triggers an assert which leads to a reset, immediately clearing the error. 2022-11-18 6.5 CVE-2022-24939
MISC
MISC
silverstripe — framework Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. 2022-11-22 6.1 CVE-2022-38462
MISC
MISC
MISC
silverstripe — framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). 2022-11-21 5.4 CVE-2022-38146
MISC
MISC
MISC
MISC
socket — engine.io Engine.IO is the implementation of the transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all users of the engine.io package, including those who use dependent packages like socket.io. There is no known workaround except upgrading to a safe version. Patches for this issue are released in versions 3.6.1 and 6.2.1. 2022-11-22 6.5 CVE-2022-41940
MISC
MISC
CONFIRM
teacher_record_management_system_project — teacher_record_management_system A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. 2022-11-22 4.8 CVE-2022-41445
MISC
MISC
MISC
MISC
themeum — wp_page_builder Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. 2022-11-18 5.4 CVE-2022-40963
CONFIRM
CONFIRM
tooljet — tooljet Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. 2022-11-22 6.5 CVE-2022-4111
MISC
CONFIRM
villatheme — s2w_-_import_shopify_to_woocommerce Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. 2022-11-18 4.9 CVE-2022-44634
CONFIRM
CONFIRM
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. 2022-11-21 4.8 CVE-2022-45012
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. 2022-11-21 4.8 CVE-2022-45013
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. 2022-11-21 4.8 CVE-2022-45014
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. 2022-11-21 4.8 CVE-2022-45015
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. 2022-11-21 4.8 CVE-2022-45016
MISC
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. 2022-11-21 4.8 CVE-2022-45017
MISC
MISC
MISC
webartesanal — mantenimiento_web Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. 2022-11-18 6.1 CVE-2022-38075
CONFIRM
wire — wire Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. 2022-11-18 4.7 CVE-2022-43673
MISC
MISC
wordplus — better_messages Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. 2022-11-18 6.5 CVE-2022-40216
CONFIRM
CONFIRM
wp-polls_project — wp-polls The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. 2022-11-21 5.3 CVE-2022-1581
MISC
CONFIRM
wpbrigade — loginpress Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. 2022-11-18 5.3 CVE-2022-41839
CONFIRM
wpchill — customizable_wordpress_gallery_plugin_-_modula_image_gallery Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. 2022-11-18 5.3 CVE-2022-41135
CONFIRM
wpml — wpml Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. 2022-11-18 4.3 CVE-2022-38974
CONFIRM
yikesinc — custom_product_tabs_for_woocommerce Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. 2022-11-18 4.8 CVE-2022-43463
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dalli_project — dalli A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability. 2022-11-19 3.7 CVE-2022-4064
MISC
MISC
MISC
MISC
optilinknetwork — op-xt71000n_firmware A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack leading to a man-in-the-middle attack by adding new routes in RoutingConfiguration on “/routing.asp”. 2022-11-23 3.1 CVE-2020-23587
MISC
wp-polls_project — wp-polls Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. 2022-11-18 3.1 CVE-2022-40130
CONFIRM
CONFIRM


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
airbnb — optica A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`. 2022-11-23 not yet calculated CVE-2022-41875
CONFIRM
MISC
MISC
amasty — amasty_blog Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. 2022-11-23 not yet calculated CVE-2022-35500
MISC
MISC
amasty — amasty_blog_pro Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. 2022-11-23 not yet calculated CVE-2022-35501
MISC
MISC
apache — dolphinscheduler When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. 2022-11-24 not yet calculated CVE-2022-26885
MISC
apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. 2022-11-22 not yet calculated CVE-2022-40189
MISC
MISC
apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. 2022-11-22 not yet calculated CVE-2022-41131
MISC
MISC
apache — multiple_products Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. 2022-11-22 not yet calculated CVE-2022-40954
MISC
MISC
apache — airflow_pinot_provider Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. 2022-11-22 not yet calculated CVE-2022-38649
MISC
MISC
artifex — mujs A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. 2022-11-23 not yet calculated CVE-2022-44789
MISC
MISC
CONFIRM
asith-eranga — isic_tour File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. 2022-11-22 not yet calculated CVE-2022-30529
MISC
MISC
automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img. 2022-11-23 not yet calculated CVE-2022-44280
MISC
automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. 2022-11-25 not yet calculated CVE-2022-44858
MISC
automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. 2022-11-25 not yet calculated CVE-2022-44859
MISC
automotive_shop_management_system — automotive_shop_management_system Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. 2022-11-25 not yet calculated CVE-2022-44860
MISC
backdrop_cms — backdrop_cms Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. 2022-11-23 not yet calculated CVE-2022-42095
MISC
MISC
MISC
MISC
MISC
badaso — badaso Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 2022-11-25 not yet calculated CVE-2022-41705
MISC
MISC
basercms — basercms BaserCMS is a content management system with a Japanese language focus. In affected versions there is a cross-site scripting vulnerability in the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability. 2022-11-25 not yet calculated CVE-2022-39325
CONFIRM
MISC
MISC
bat-c2 — bat-c2 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor’s ID is BSECV-2022-21. 2022-11-25 not yet calculated CVE-2022-40282
MISC
boa — boa Boa 0.94.14rc21 is vulnerable to SQL Injection via username. 2022-11-23 not yet calculated CVE-2022-44117
MISC
book_store_management_system — book_store_management_system Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. 2022-11-25 not yet calculated CVE-2022-45225
MISC
bouncy_castle — bc-fja An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. 2022-11-21 not yet calculated CVE-2022-45146
MISC
CONFIRM
churchinfo — churchinfo CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder, where it can be accessed with a GET request. There are no limitations on the files that can be attached, allowing malicious PHP code to be uploaded and interpreted by the server. 2022-11-23 not yet calculated CVE-2021-43258
MISC
MISC
MISC
codeigniter — codeigniter An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. 2022-11-23 not yet calculated CVE-2022-41446
MISC
MISC
MISC
MISC
dedecmdv6 — dedecmdv6 dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. 2022-11-23 not yet calculated CVE-2022-43196
MISC
dedecmdv6 — dedecmdv6 dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. 2022-11-23 not yet calculated CVE-2022-44118
MISC
dedecmdv6 — dedecmdv6 dedecmdv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php. 2022-11-23 not yet calculated CVE-2022-44120
MISC
drachtio — drachtio-server drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request. 2022-11-26 not yet calculated CVE-2022-45909
MISC
etms — ondiskplayeragent Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. 2022-11-25 not yet calculated CVE-2022-41156
MISC
eyoom — eyoom_builder Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. 2022-11-25 not yet calculated CVE-2022-41158
MISC
eyoucms — eyoucms A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-11-23 not yet calculated CVE-2022-45280
MISC
f-secure — endpoint_protection In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. 2022-11-25 not yet calculated CVE-2022-38166
MISC
filecloud — filecloud FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. 2022-11-23 not yet calculated CVE-2022-39833
CONFIRM
MISC
fortiguard_labs — multiple_products An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. 2022-11-25 not yet calculated CVE-2022-38377
MISC
frappe — frappe Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. 2022-11-25 not yet calculated CVE-2022-41712
MISC
MISC
github — enterprise_server CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. 2022-11-23 not yet calculated CVE-2022-23740
MISC
google — chrome Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 2022-11-25 not yet calculated CVE-2022-4135
MISC
MISC
grails — grails_spring_security_core Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x, 2.x, >=3.0.0 <3.3.2, >=4.0.0 <4.0.5, >=5.0.0 <5.1.1. We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: `AnnotationFilterInvocationDefinition`, `InterceptUrlMapFilterInvocationDefinition`, or `RequestmapFilterInvocationDefinition`. In each case, the subclass should override the `calculateUri` method like so: `@Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) }`. This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecate the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available for version 2.x of the GSSC plugin. 2022-11-23 not yet calculated CVE-2022-41923
CONFIRM
MISC
MISC
h2 — database_engine The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states “This is not a vulnerability of H2 Console … Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.” 2022-11-23 not yet calculated CVE-2022-45868
MISC
MISC
hewlett_packard_enterprise — netbatch-plus A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. 2022-11-22 not yet calculated CVE-2022-37931
MISC
hitachi_energy — multiple_products An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role. 2022-11-21 not yet calculated CVE-2022-3388
MISC
hitachi_energy — pcm600 A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. 2022-11-22 not yet calculated CVE-2022-2513
MISC
human_resource_management_system — human_resource_management_system Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. 2022-11-25 not yet calculated CVE-2022-45218
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. 2022-11-22 not yet calculated CVE-2022-35407
MISC
MISC
insyde — insydeh2o A stack buffer overflow vulnerability leading to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code. 2022-11-21 not yet calculated CVE-2022-35897
MISC
MISC
insyde — insydeh2o In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: “In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.” 2022-11-22 not yet calculated CVE-2022-36227
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. 2022-11-23 not yet calculated CVE-2022-36337
MISC
MISC
ipxe — ipxe A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. 2022-11-21 not yet calculated CVE-2022-4087
MISC
MISC

iterm2 — iterm2 iTerm2 before 3.4.18 mishandles a DECRQSS response. 2022-11-23 not yet calculated CVE-2022-45872
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. 2022-11-25 not yet calculated CVE-2022-45205
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. 2022-11-25 not yet calculated CVE-2022-45206
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. 2022-11-25 not yet calculated CVE-2022-45207
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. 2022-11-25 not yet calculated CVE-2022-45208
MISC
MISC
jeecg-boot — jeecg-boot Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. 2022-11-25 not yet calculated CVE-2022-45210
MISC
MISC
jizhicms — jizhicms An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html 2022-11-23 not yet calculated CVE-2021-29334
MISC
jizhicms — jizhicms Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. 2022-11-23 not yet calculated CVE-2022-44140
MISC
jizhicms — jizhicms Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. 2022-11-23 not yet calculated CVE-2022-45278
MISC
keylime — keylime A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. 2022-11-22 not yet calculated CVE-2022-3500
MISC
MISC
knime — analytics_platform A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user’s system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It’s not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user’s system, though. 2022-11-24 not yet calculated CVE-2022-44749
MISC

knime — server

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server’s file system. This vulnerability is also known as ‘Zip-Slip’. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server’s file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor’s operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised. 2022-11-24 not yet calculated CVE-2022-44748
MISC
librenms — librenms/librenms A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin’s account. 2022-11-20 not yet calculated CVE-2022-4068
MISC
CONFIRM
libxml2 — libxml2 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. 2022-11-23 not yet calculated CVE-2022-40303
MISC
MISC
libxml2 — libxml2 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. 2022-11-23 not yet calculated CVE-2022-40304
MISC
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. 2022-11-25 not yet calculated CVE-2022-45884
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. 2022-11-25 not yet calculated CVE-2022-45885
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. 2022-11-25 not yet calculated CVE-2022-45886
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. 2022-11-25 not yet calculated CVE-2022-45887
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. 2022-11-25 not yet calculated CVE-2022-45888
MISC
manage_engine — manage_engine Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. 2022-11-23 not yet calculated CVE-2022-40770
MISC
MISC
manage_engine — manage_engine Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. 2022-11-23 not yet calculated CVE-2022-40771
MISC
MISC
manage_engine — manage_engine Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. 2022-11-23 not yet calculated CVE-2022-40772
MISC
MISC
mcafee — total_protection McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. 2022-11-23 not yet calculated CVE-2022-43751
MISC
MISC

microweber — microweber Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. 2022-11-25 not yet calculated CVE-2022-0698
MISC
MISC

microweber — microweber Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. 2022-11-22 not yet calculated CVE-2022-33012
MISC
MISC
MISC
MISC
mitsubishi_electric — multiple_products Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending a specially crafted command. 2022-11-24 not yet calculated CVE-2022-40266
MISC
MISC

mitsubishi_electric — gx_works3 Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 all versions allows an unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29825
MISC
MISC

mitsubishi_electric — gx_works3 Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29826
MISC
MISC

mitsubishi_electric — gx_works3 Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29827
MISC
MISC

mitsubishi_electric — gx_works3 Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29828
MISC
MISC

mitsubishi_electric — gx_works3 Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. 2022-11-25 not yet calculated CVE-2022-29829
MISC
MISC

mitsubishi_electric — gx_works3 Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthorized users may obtain information about project files illegally. 2022-11-25 not yet calculated CVE-2022-29830
MISC
MISC

mitsubishi_electric — gx_works3 Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to obtain information about the project file for MELSEC safety CPU modules. 2022-11-25 not yet calculated CVE-2022-29831
MISC
MISC

mitsubishi_electric — gx_works3 Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules. 2022-11-25 not yet calculated CVE-2022-29832
MISC
MISC

mitsubishi_electric — gx_works3 Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could access MELSEC safety CPU modules illegally. 2022-11-25 not yet calculated CVE-2022-29833
MISC
MISC
mitsubishi_electric — multiple_products Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module. 2022-11-25 not yet calculated CVE-2022-25164
MISC
MISC
moodle — moodle A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle’s inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. 2022-11-25 not yet calculated CVE-2022-45152
MISC
MISC
MISC
mpxj — mpxj MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ’s use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched; MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access; this will prevent other users from accessing these temporary files. 2022-11-25 not yet calculated CVE-2022-41954
CONFIRM
MISC
nextcloud — nextcloud_desktop Nextcloud Desktop is the desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39331
MISC
MISC
CONFIRM
nextcloud — nextcloud_desktop Nextcloud Desktop is the desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39332
MISC
MISC
CONFIRM
nextcloud — nextcloud_desktop Nextcloud Desktop is the desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39333
MISC
CONFIRM
MISC
nextcloud — nextcloud_desktop Nextcloud Desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A man-in-the-middle attack is possible if a user can be made to run a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability. 2022-11-25 not yet calculated CVE-2022-39334
MISC
CONFIRM
MISC
MISC
nextcloud — security-advisories user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery URLs, which may lead to a stored cross-site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally, this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser. 2022-11-25 not yet calculated CVE-2022-39338
CONFIRM
MISC
MISC
nextcloud — security-advisories user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1, sensitive information such as the OIDC client credentials and tokens is sent in plain text over HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use HTTPS to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings). 2022-11-25 not yet calculated CVE-2022-39339
MISC
MISC
CONFIRM
nextcloud — security-advisories Nextcloud Server is an open source personal cloud server. Affected versions of Nextcloud Server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-39346
CONFIRM
MISC
MISC
nextcloud — security-advisories Nextcloud Talk Android is the Android implementation of the Nextcloud Talk chat system. In affected versions the receiver is not protected by broadcastPermission, allowing malicious apps to monitor communication. It is recommended that Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-41926
MISC
CONFIRM
MISC

nxp — multiple_products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) 2022-11-18 not yet calculated CVE-2022-45163
MISC
MISC
MISC

octopus_deploy — octopus_server In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain text when verbose logging is enabled. 2022-11-25 not yet calculated CVE-2022-2721
MISC
orchard — orchard_cms Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low privileged user, such as an author or publisher, can inject a crafted HTML and JavaScript payload into a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim’s browser. 2022-11-25 not yet calculated CVE-2022-37720
MISC
MISC
MISC
paddlepaddle — paddlepaddle In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. 2022-11-26 not yet calculated CVE-2022-45908
MISC
MISC
pgjdbc — pgjdbc pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix-like systems, but not macOS. On Unix-like systems, the system’s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability. 2022-11-23 not yet calculated CVE-2022-41946
MISC
CONFIRM
phpgurukul — blood_donor_management_system PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. 2022-11-25 not yet calculated CVE-2022-38813
MISC
MISC
MISC
MISC
pyro — pyrocms PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload into a blog post, leading to full admin account takeover or privilege escalation. 2022-11-25 not yet calculated CVE-2022-37721
MISC
MISC
pytorch — pytorch In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. 2022-11-26 not yet calculated CVE-2022-45907
MISC
MISC
qmpaas — qmpaas/leadshop Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. 2022-11-24 not yet calculated CVE-2022-4136
CONFIRM
MISC
qpress — qpress qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. 2022-11-23 not yet calculated CVE-2022-45866
MISC
MISC
MISC
MISC
MISC

qs — qs qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has “deps: qs@6.9.7” in its release description, is not vulnerable). 2022-11-26 not yet calculated CVE-2022-24999
MISC
CONFIRM
CONFIRM
rizalafani — cms-php SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. 2022-11-23 not yet calculated CVE-2021-35284
MISC
sanitization_management_system — sanitization_management_system Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. 2022-11-23 not yet calculated CVE-2022-44278
MISC
schneider_electric — multiple_products A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) 2022-11-22 not yet calculated CVE-2022-0222
CONFIRM

schneider_electric — multiple_products A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) 2022-11-22 not yet calculated CVE-2022-37301
CONFIRM
seiko_epson_corporation — multiple_products The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. 2022-11-25 not yet calculated CVE-2022-36133
MISC
MISC
silverstripe — multiple_products Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. 2022-11-23 not yet calculated CVE-2022-38724
MISC
MISC
MISC
MISC
silverstripe — silverstripe/cms Silverstripe silverstripe/cms through 4.11.0 allows XSS. 2022-11-23 not yet calculated CVE-2022-37421
MISC
MISC
MISC
MISC
silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. 2022-11-23 not yet calculated CVE-2022-37429
MISC
MISC
MISC
MISC
silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). 2022-11-23 not yet calculated CVE-2022-37430
MISC
MISC
MISC
MISC

silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3): remote attackers can add a JavaScript payload to a page’s meta description and have it executed in the versioned history compare view. 2022-11-23 not yet calculated CVE-2022-38145
MISC
MISC
MISC
MISC

silverstripe — silverstripe/framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). 2022-11-23 not yet calculated CVE-2022-38147
MISC
MISC
MISC
MISC
solarwinds — ets The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users. 2022-11-23 not yet calculated CVE-2021-35246
MISC
MISC
MISC
solarwinds — sem This vulnerability discloses build and services versions in the server response header. 2022-11-23 not yet calculated CVE-2022-38113
MISC
MISC
solarwinds — sem This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. 2022-11-23 not yet calculated CVE-2022-38114
MISC
MISC
solarwinds — sem Insecure HTTP method vulnerability in which the allowed HTTP methods (e.g., OPTIONS, DELETE, TRACE, and PUT) are disclosed. 2022-11-23 not yet calculated CVE-2022-38115
MISC
MISC
sourcecodester — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. 2022-11-22 not yet calculated CVE-2022-43212
MISC
MISC
sourcecodester — billing_system_project Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. 2022-11-23 not yet calculated CVE-2022-43213
MISC
MISC
sourcecodester — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. 2022-11-25 not yet calculated CVE-2022-4091
MISC
MISC
spatie — browsershot Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. 2022-11-25 not yet calculated CVE-2022-41706
MISC
MISC
spatie — browsershot Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL’s that use the file:// protocol. 2022-11-25 not yet calculated CVE-2022-43983
MISC
MISC
spatie — browsershot Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. 2022-11-25 not yet calculated CVE-2022-43984
MISC
MISC
stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. 2022-11-24 not yet calculated CVE-2022-4088
MISC
MISC
stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324. 2022-11-24 not yet calculated CVE-2022-4089
MISC
MISC
stock_management_system — stock_management_system A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. 2022-11-24 not yet calculated CVE-2022-4090
MISC
MISC
super-xray — super-xray super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and is directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. 2022-11-21 not yet calculated CVE-2022-41945
CONFIRM
MISC
super-xray — super-xray super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-25 not yet calculated CVE-2022-41958
MISC
CONFIRM

systemd — systemd systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. 2022-11-23 not yet calculated CVE-2022-45873
MISC
MISC
MISC
tailscale — tailscale A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. 2022-11-23 not yet calculated CVE-2022-41924
CONFIRM
MISC
MISC
tailscale — tailscale A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue. 2022-11-23 not yet calculated CVE-2022-41925
CONFIRM
MISC
MISC

technitium_software — dns_server An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-21 not yet calculated CVE-2022-30257
MISC
technitium_software — dns_server An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-21 not yet calculated CVE-2022-30258
MISC

tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. 2022-11-21 not yet calculated CVE-2022-44171
MISC
tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. 2022-11-21 not yet calculated CVE-2022-44172
MISC
tenda — ac18 Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. 2022-11-21 not yet calculated CVE-2022-44174
MISC
tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. 2022-11-21 not yet calculated CVE-2022-44175
MISC
tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. 2022-11-21 not yet calculated CVE-2022-44176
MISC
tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. 2022-11-21 not yet calculated CVE-2022-44177
MISC
tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB. 2022-11-21 not yet calculated CVE-2022-44178
MISC
tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. 2022-11-21 not yet calculated CVE-2022-44180
MISC
tenda — ac18 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. 2022-11-21 not yet calculated CVE-2022-44183
MISC

tiny_file_manager — tiny_file_manager Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-23044
MISC
MISC
tiny_file_manager — tiny_file_manager Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-45475
MISC
MISC
tiny_file_manager — tiny_file_manager Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. 2022-11-25 not yet calculated CVE-2022-45476
MISC
MISC

totolink — a7100ru TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. 2022-11-25 not yet calculated CVE-2022-44843
MISC
totolink — a7100ru TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. 2022-11-25 not yet calculated CVE-2022-44844
MISC
tu6ge — oss-rs aliyun-oss-client is a Rust client for Alibaba Cloud OSS. Users of this library are affected: the incoming secret is disclosed unintentionally. This issue has been patched in version 0.8.1. 2022-11-22 not yet calculated CVE-2022-39397
MISC
CONFIRM
vim — vim/vim The target’s backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable. 2022-11-25 not yet calculated CVE-2022-4141
CONFIRM
MISC
vmware — open-vm-tools An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. 2022-11-23 not yet calculated CVE-2009-1142
MISC
MISC
vmware — open-vm-tools An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). 2022-11-23 not yet calculated CVE-2009-1143
MISC
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. 2022-11-25 not yet calculated CVE-2022-45036
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. 2022-11-25 not yet calculated CVE-2022-45037
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. 2022-11-25 not yet calculated CVE-2022-45038
MISC
wbce — wbce_cms An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-25 not yet calculated CVE-2022-45039
MISC
wbce — wbce_cms A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. 2022-11-25 not yet calculated CVE-2022-45040
MISC
web_based_quiz_system — web_based_quiz_system Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users’ passwords via a bruteforce attack. 2022-11-25 not yet calculated CVE-2022-44411
MISC
webcash — serp_server A specific file on the sERP server of Kyungrinara (ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. 2022-11-25 not yet calculated CVE-2022-41157
MISC
wger — wger Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. 2022-11-24 not yet calculated CVE-2022-2650
CONFIRM
MISC

wind_river — vxworks An issue was discovered in Wind River VxWorks 6.9 and 7 that allows a specifically crafted packet sent by a Radius server to cause a Denial of Service during the IP Radius access procedure. 2022-11-25 not yet calculated CVE-2022-38767
MISC
MISC
wordpress — wordpress The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above, to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc. 2022-11-21 not yet calculated CVE-2022-3861
MISC
MISC
MISC
wordpress — wordpress Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. 2022-11-22 not yet calculated CVE-2022-44737
MISC

wordpress — wordpress Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. 2022-11-22 not yet calculated CVE-2022-45363
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, set the rights of the page Filter.WebHome so that only the main wiki administrators can view the application installed on the main wiki or edit the page, and apply the changes described in commit fb49b4f. 2022-11-22 not yet calculated CVE-2022-41937
MISC
MISC
CONFIRM
xwiki — xwiki-platform XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It’s possible to patch existing instances directly by editing the page Main.Tags and adding this kind of check in the code for renaming and for deleting: `#if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end` 2022-11-23 not yet calculated CVE-2022-41927
MISC
CONFIRM
xwiki — xwiki-platform XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: – 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 – 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 – 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 2022-11-23 not yet calculated CVE-2022-41928
CONFIRM
MISC
xwiki — xwiki-platform org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. 2022-11-23 not yet calculated CVE-2022-41929
CONFIRM
MISC
MISC
xwiki — xwiki-platform org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow a disabled user to re-enable themselves, or an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa. 2022-11-23 not yet calculated CVE-2022-41930
MISC
MISC
CONFIRM
xwiki — xwiki-platform xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes. 2022-11-23 not yet calculated CVE-2022-41931
MISC
MISC
CONFIRM
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-23 not yet calculated CVE-2022-41932
MISC
CONFIRM
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the “Forgot your password” link in the login view: the features allowing a user to change their password, or an admin to change a user’s password, are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities that allow leaking users’ personal data, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in the case of farms, the users registered on a subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in versions 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves informing the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email informs them of the possibility that their password has been leaked, and a second email uses the reset password feature to ask them to set a new password. It’s also possible for administrators to set some properties for the migration: it’s possible to decide whether the user password should be reset (default) or whether the passwords should be kept but only hashed. Note that in the first option, impacted users won’t be able to log in anymore until they set a new password. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords. 2022-11-23 not yet calculated CVE-2022-41933
MISC
MISC
MISC
CONFIRM
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation, due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6, so on XWiki 11.6 or later the patch for version 13.10.8 (commit `59ccca24a`) can most likely be applied; on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate. 2022-11-23 not yet calculated CVE-2022-41934
CONFIRM
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries, because the response is not properly cleaned up of obfuscated entries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3. As a workaround, the patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue. 2022-11-23 not yet calculated CVE-2022-41935
CONFIRM
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user’s rights. Therefore, information hidden from unauthorized users is exposed through the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds. 2022-11-22 not yet calculated CVE-2022-41936
CONFIRM
MISC
MISC
yiisoft — yii `yiisoft/yii` before version 1.1.27 is vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27. 2022-11-23 not yet calculated CVE-2022-41922
CONFIRM
MISC
yjcms — yjcms An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. 2022-11-23 not yet calculated CVE-2022-45276
MISC
yoroi — fusiondirectory Fusiondirectory 1.3 suffers from Improper Session Handling. 2022-11-22 not yet calculated CVE-2022-36179
MISC
MISC
yoroi — fusiondirectory Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. 2022-11-22 not yet calculated CVE-2022-36180
MISC
MISC
zte — mf286r There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. 2022-11-22 not yet calculated CVE-2022-39066
MISC

zte — mf286r There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. 2022-11-22 not yet calculated CVE-2022-39067
MISC
zte — pon_olt There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. 2022-11-22 not yet calculated CVE-2022-39070
MISC

Vulnerability Summary for the Week of November 14, 2022

Original release date: November 21, 2022 | Last revised: November 22, 2022

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
aiphone — gt-dmb-n_firmware Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. 2022-11-14 7.5 CVE-2022-40903
MISC
MISC
amazon — opensearch OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue. 2022-11-15 9.8 CVE-2022-41918
MISC
CONFIRM
amazon — opensearch_notifications OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin’s intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. 2022-11-11 8.7 CVE-2022-41906
MISC
CONFIRM
MISC
apache — airflow A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. 2022-11-14 8.8 CVE-2022-40127
MISC
MISC
MLIST
apache — airflow A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. 2022-11-14 7.5 CVE-2022-27949
MISC
MISC
MLIST
apache — archiva If anonymous read enabled, it’s possible to read the database file directly without logging in. 2022-11-15 7.5 CVE-2022-40308
CONFIRM
MLIST
apache — sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. 2022-11-16 9.8 CVE-2022-45047
CONFIRM
archesproject — arches Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it’s possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. 2022-11-11 9.8 CVE-2022-41892
CONFIRM
atlassian — bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. 2022-11-17 9.8 CVE-2022-43781
MISC
MISC
atlassian — confluence_data_center The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. 2022-11-15 7.5 CVE-2022-42977
MISC
atlassian — confluence_data_center In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. 2022-11-15 7.5 CVE-2022-42978
MISC
atlassian — crowd Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd’s REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is none by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3 2022-11-17 9.8 CVE-2022-43782
MISC
automattic — crowdsignal_dashboard Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. 2022-11-17 8.8 CVE-2022-45069
CONFIRM
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic. 2022-11-18 7.2 CVE-2022-44378
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. 2022-11-18 7.2 CVE-2022-44379
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. 2022-11-17 7.2 CVE-2022-44402
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. 2022-11-17 7.2 CVE-2022-44403
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44413
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. 2022-11-18 7.2 CVE-2022-44414
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. 2022-11-18 7.2 CVE-2022-44415
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. 2022-11-18 7.2 CVE-2022-44820
MISC
axiosys — bento4 A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability. 2022-11-13 8.8 CVE-2022-3974
N/A
N/A
N/A
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. 2022-11-17 9.8 CVE-2022-44001
MISC
MISC
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. 2022-11-16 9.8 CVE-2022-44003
MISC
MISC
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password. 2022-11-16 9.8 CVE-2022-44004
MISC
MISC
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. 2022-11-16 9.8 CVE-2022-44006
MISC
MISC
badgermeter — moni In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. 2022-11-15 8.8 CVE-2020-12507
MISC
badgermeter — moni In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. 2022-11-15 7.5 CVE-2020-12508
MISC
bruhn-newtech — cbrn-analysis CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. 2022-11-12 8.8 CVE-2022-45193
MISC
camp_project — camp patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie. 2022-11-14 9.8 CVE-2022-37109
MISC
MISC
MISC
canteen_management_system_project — canteen_management_system An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-15 9.8 CVE-2022-43265
MISC
MISC
canteen_management_system_project — canteen_management_system An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-14 7.2 CVE-2022-43146
MISC
MISC
cisco — firepower_management_center A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. 2022-11-15 7.5 CVE-2022-20854
MISC
clogica — seo_redirection Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. 2022-11-18 8.8 CVE-2022-40695
CONFIRM
CONFIRM
college_management_system_project — college_management_system College Management System v1.0 – SQL Injection (SQLi) by inserting SQL commands into the username and password fields of the login.php page. 2022-11-17 9.8 CVE-2022-39180
MISC
college_management_system_project — college_management_system College Management System v1.0 – Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL Injection that is mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. 2022-11-17 7.2 CVE-2022-39179
MISC
concretecms — concrete_cms Concrete CMS is vulnerable to CSRF due to the lack of “State” parameter for external Concrete authentication service for users of Concrete who use the “out of the box” core OAuth. 2022-11-14 8.8 CVE-2022-43693
MISC
MISC
MISC
MISC
MISC
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40686
CONFIRM
constantcontact — creative_mail Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 8.8 CVE-2022-40687
CONFIRM
contec — solarview_compact_firmware SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php 2022-11-17 9.8 CVE-2022-40881
MISC
crm42_project — crm42 A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42classclass.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3955
N/A
N/A
deltaww — diaenergie SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-41775
MISC
deltaww — diaenergie SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43447
MISC
deltaww — diaenergie SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43452
MISC
deltaww — diaenergie SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43457
MISC
deltaww — diaenergie SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network 2022-11-17 8.8 CVE-2022-43506
MISC
diffie-hellman_key_exchange_project — diffie-hellman_key_exchange Using long exponents in the Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. An attacker may cause asymmetric resource consumption with any common client application which uses a DHE implementation that applies short exponents. The attack may be more disruptive in cases where a client sends arbitrary numbers that are actually not DH public keys (aka the D(HE)ater attack) or can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. This can affect TLS, SSH, and IKE. 2022-11-14 7.5 CVE-2022-40735
MISC
MISC
MISC
MISC
MISC
dolibarr — dolibarr_erp/crm Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. 2022-11-17 9.8 CVE-2022-43138
MISC
dreamer_cms_project — dreamer_cms Dreamer CMS 4.0.01 is vulnerable to SQL Injection. 2022-11-17 9.8 CVE-2022-42245
MISC
duofoxtechnologies — duofox_cms Doufox 0.0.4 contains a CSRF vulnerability that can add a system administrator account. 2022-11-17 8.8 CVE-2022-42246
MISC
eolink — goku_lite A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3947
N/A
N/A
N/A
eolink — goku_lite A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3948
N/A
N/A
N/A
erp_project — erp A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. 2022-11-11 8.8 CVE-2022-3944
N/A
N/A
export_users_with_meta_project — export_users_with_meta Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress. 2022-11-17 8 CVE-2022-44577
CONFIRM
eyoucms — eyoucms EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. 2022-11-14 8.8 CVE-2022-43323
MISC
eyoucms — eyoucms EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. 2022-11-14 8.8 CVE-2022-44387
MISC
facebook — redex DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. 2022-11-11 9.8 CVE-2022-36938
MISC
ferry_project — ferry A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3939
N/A
ferry_project — ferry A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. 2022-11-11 9.8 CVE-2022-3940
N/A
ffmpeg — ffmpeg A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. 2022-11-13 8.1 CVE-2022-3964
N/A
N/A
ffmpeg — ffmpeg A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. 2022-11-13 8.1 CVE-2022-3965
N/A
N/A
follow_me_plugin_project — follow_me_plugin The “Follow Me Plugin” plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2022-11-15 8.8 CVE-2022-3240
MISC
MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. 2022-11-16 9.1 CVE-2022-39319
CONFIRM
MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel – command line options `/drive`, `+drives` or `+home-drive`. 2022-11-16 9.1 CVE-2022-41877
CONFIRM
MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. 2022-11-16 7.5 CVE-2022-39316
MISC
CONFIRM
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. 2022-11-16 7.5 CVE-2022-39318
CONFIRM
MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch. 2022-11-16 7.5 CVE-2022-39347
CONFIRM
MISC
guitar-pro — guitar_pro Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. 2022-11-16 7.5 CVE-2022-43264
MISC
hashicorp — consul HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering’s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0. 2022-11-16 7.5 CVE-2022-3920
MISC
heimdal_project — heimdal Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal’s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal’s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. 2022-11-15 7.5 CVE-2022-41916
CONFIRM
hhims_project — hhims A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. 2022-11-11 9.8 CVE-2022-3956
N/A
N/A
hms-php_project — hms-php A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551. 2022-11-13 9.8 CVE-2022-3972
N/A
N/A
hms-php_project — hms-php A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552. 2022-11-13 9.8 CVE-2022-3973
N/A
N/A
hoosk — hoosk An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-16 9.8 CVE-2022-43234
MISC
hospital_management_center_project — hospital_management_center A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213786 is the identifier assigned to this vulnerability. 2022-11-16 9.8 CVE-2022-4012
N/A
N/A
hospital_management_center_project — hospital_management_center A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. 2022-11-16 8.8 CVE-2022-4013
N/A
N/A
human_resource_management_system_project — human_resource_management_system Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. 2022-11-16 9.8 CVE-2022-43262
MISC
hyperledger — fabric Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. 2022-11-12 7.5 CVE-2022-45196
MISC
MISC
ibm — cics_tx IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. 2022-11-14 7.5 CVE-2022-34319
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. 2022-11-14 7.5 CVE-2022-34320
MISC
MISC
MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. 2022-11-11 8.8 CVE-2022-38387
MISC
MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. 2022-11-15 8.1 CVE-2022-38385
MISC
MISC
ibm — infosphere_information_server IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. 2022-11-16 9.8 CVE-2022-40752
MISC
MISC
ibm — powervm_hypervisor After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. 2022-11-11 9.8 CVE-2022-34331
MISC
MISC
ikus-soft — rdiffweb Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. 2022-11-14 9.8 CVE-2022-3362
CONFIRM
MISC
insyde — insydeh2o DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by 2022-11-14 7.8 CVE-2022-34325
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 2022-11-15 7 CVE-2022-33905
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050 2022-11-15 7 CVE-2022-33908
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051 2022-11-15 7 CVE-2022-33909
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053 2022-11-15 7 CVE-2022-33983
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054 2022-11-15 7 CVE-2022-33984
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055 2022-11-15 7 CVE-2022-33985
MISC
MISC
intel — active_management_technology Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 9.8 CVE-2022-26845
MISC
intel — active_management_technology Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 8.8 CVE-2022-29893
MISC
intel — active_management_technology Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. 2022-11-11 7.5 CVE-2022-27497
MISC
intel — advanced_link_analyzer Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-27638
MISC
intel — data_center_manager Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 8.8 CVE-2022-33942
MISC
intel — endpoint_management_assistant Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-30297
MISC
intel — gametechdev_presentmon Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-26086
MISC
intel — glorp Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-30548
MISC
intel — hyperscan Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 9.8 CVE-2022-29486
MISC
intel — manageability_commander Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 8.8 CVE-2022-26341
MISC
intel — nuc7i3dnbe_firmware Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-26024
MISC
intel — nuc_10_performance_kit_nuc10i7fnhn_firmware Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36789
MISC
intel — nuc_11_compute_element_cm11ebi38w_firmware Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-38099
MISC
intel — nuc_11_pro_kit_nuc11tnhi70z_firmware Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-37334
MISC
intel — nuc_8_rugged_kit_nuc8cchkrn_firmware Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-26124
MISC
intel — nuc_kit_nuc5i3myhe_firmware Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36370
MISC
intel — nuc_kit_nuc5i3ryh_firmware Improper authentication in BIOS firmware for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-37345
MISC
intel — nuc_kit_wireless_adapter_driver_installer Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36377
MISC
intel — nuc_kit_wireless_adapter_driver_installer Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-36400
MISC
intel — nuc_kit_wireless_adapter_driver_installer Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-36380
MISC
intel — nuc_kit_wireless_adapter_driver_installer Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-36384
MISC
intel — quartus_prime Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2022-27187
MISC
intel — quartus_prime XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 7.5 CVE-2022-27233
MISC
intel — server_debug_and_provisioning_tool Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 7.5 CVE-2022-26508
MISC
intel — system_studio Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.8 CVE-2021-33064
MISC
intel — vtune_profiler Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 7.3 CVE-2022-26028
MISC
intel — xmm_7560_firmware Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 9.6 CVE-2022-26513
MISC
intel — xmm_7560_firmware Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 8.4 CVE-2022-27639
MISC
intel — xmm_7560_firmware Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 8.2 CVE-2022-26079
MISC
intel — xmm_7560_firmware Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 8.2 CVE-2022-26367
MISC
intel — xmm_7560_firmware Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 8.2 CVE-2022-28126
MISC
intel — xmm_7560_firmware Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 8.1 CVE-2022-26369
MISC
intel — xmm_7560_firmware Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 7.2 CVE-2022-26045
MISC
intel — xmm_7560_firmware Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 7.2 CVE-2022-27874
MISC
intel — xmm_7560_firmware Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 7.2 CVE-2022-28611
MISC
ironmansoftware — powershell_universal Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6. 2022-11-14 8.8 CVE-2022-45183
MISC
CONFIRM
MISC
ironmansoftware — powershell_universal The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. 2022-11-14 7.2 CVE-2022-45184
MISC
CONFIRM
MISC
jenkins — cccc Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45395
CONFIRM
jenkins — cloudbees_docker_hub/registry_notification A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. 2022-11-15 7.5 CVE-2022-45385
CONFIRM
jenkins — config_rotator Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with ‘.xml’ extension on the Jenkins controller file system. 2022-11-15 7.5 CVE-2022-45388
CONFIRM
jenkins — japex Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45400
CONFIRM
jenkins — ns-nd_integration_performance_publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. 2022-11-15 7.5 CVE-2022-38666
CONFIRM
jenkins — ns-nd_integration_performance_publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. 2022-11-15 7.5 CVE-2022-45391
CONFIRM
jenkins — osf_builder_suite_ Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45397
CONFIRM
jenkins — pipeline_utility_steps Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the ‘file:’ prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. 2022-11-15 9.1 CVE-2022-45381
CONFIRM
jenkins — script_security Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. 2022-11-15 7.5 CVE-2022-45379
CONFIRM
jenkins — sourcemonitor Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 9.8 CVE-2022-45396
CONFIRM
joinmastodon — mastodon Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. 2022-11-16 9.8 CVE-2022-2166
CONFIRM
MISC
kavitareader — kavita Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. 2022-11-14 9.8 CVE-2022-3993
CONFIRM
MISC
keking — kkfileview kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. 2022-11-17 7.5 CVE-2022-43140
MISC
konker — konker_platform Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability. 2022-11-15 8.8 CVE-2022-35613
MISC
libtiff — libtiff A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. 2022-11-13 9.8 CVE-2022-3970
N/A
N/A
N/A
N/A
liferay — digital_experience_platform A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. 2022-11-15 7.5 CVE-2022-42123
MISC
MISC
MISC
liferay — digital_experience_platform ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the ‘name’ field of a layout prototype. 2022-11-15 7.5 CVE-2022-42124
MISC
MISC
MISC
MISC
liferay — digital_experience_platform Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. 2022-11-15 7.5 CVE-2022-42125
MISC
MISC
MISC
liferay — dxp A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences’ `namespace` attribute. 2022-11-15 9.8 CVE-2022-42120
MISC
MISC
MISC
liferay — liferay_portal A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. 2022-11-15 9.8 CVE-2022-42122
MISC
MISC
MISC
liferay — liferay_portal A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template’s ‘Name’ field. 2022-11-15 8.8 CVE-2022-42121
MISC
MISC
MISC
limesurvey — limesurvey LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. 2022-11-15 7.2 CVE-2022-43279
MISC
linux — linux_kernel A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-11-14 7.8 CVE-2022-3238
MISC
linuxfoundation — software_for_open_networking_in_the_cloud There is a vulnerability in the DHCPv6 packet parsing code that could be exploited by a remote attacker to craft a packet that causes a buffer overflow in a memcpy call, leading to an out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process, and its crash could cause the dhcp relay docker container to shut down. Discovered by Eugene Lim of GovTech Singapore. 2022-11-14 7.5 CVE-2022-0324
MISC
MISC
manydesigns — portofino A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. 2022-11-11 7.1 CVE-2022-3952
N/A
N/A
N/A
N/A
muffingroup — betheme Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress. 2022-11-17 8.8 CVE-2022-45077
CONFIRM
CONFIRM
mz-automation — libiec61850 A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. 2022-11-13 8.8 CVE-2022-3976
N/A
N/A
N/A
nagvis — nagvis A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. Upgrading to version 1.9.34 is able to address this issue. The name of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. 2022-11-13 9.8 CVE-2022-3979
MISC
MISC
MISC
netatalk_project — netatalk Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). 2022-11-12 7.8 CVE-2022-45188
MISC
MISC
MISC
MISC
nextcloud — desktop The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. “vbs”, is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused. 2022-11-11 7.8 CVE-2022-41882
MISC
CONFIRM
MISC
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. 2022-11-16 9.8 CVE-2022-43135
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. 2022-11-17 7.2 CVE-2022-43162
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php. 2022-11-17 7.2 CVE-2022-43163
MISC
online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. 2022-11-17 7.2 CVE-2022-43179
MISC
palantir — foundry_build2 Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. 2022-11-15 7.5 CVE-2022-27895
MISC
palantir — foundry_code-workbooks Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. 2022-11-14 7.5 CVE-2022-27896
MISC
phoenixcontact — automationworx_software_suite In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. 2022-11-15 7.8 CVE-2022-3461
MISC
phoenixcontact — automationworx_software_suite In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. 2022-11-15 7.8 CVE-2022-3737
MISC
phoenixcontact — fl_mguard_centerport_firmware A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a large number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections cannot prevent the issue. 2022-11-15 7.5 CVE-2022-3480
MISC
php — php In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is then used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information. 2022-11-14 7.1 CVE-2022-31630
MISC
pistar — pi-star_digital_voice_dashboard Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. 2022-11-11 9.8 CVE-2022-45182
MISC
MISC
MISC
MISC
MISC
python — pillow Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). 2022-11-14 7.5 CVE-2022-45198
MISC
MISC
MISC
MISC
MISC
python — pillow Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. 2022-11-14 7.5 CVE-2022-45199
MISC
MISC
MISC
MISC
qualcomm — apq8009_firmware Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-11-15 7.8 CVE-2022-25724
CONFIRM
qualcomm — apq8009_firmware Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-11-15 7.8 CVE-2022-25743
CONFIRM
qualcomm — apq8009_firmware Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-11-15 7.5 CVE-2022-25710
CONFIRM
qualcomm — apq8009_firmware Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-33239
CONFIRM
qualcomm — aqt1000_firmware Memory corruption in video due to configuration weakness in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 9.8 CVE-2022-33234
CONFIRM
qualcomm — aqt1000_firmware Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 7.5 CVE-2022-25741
CONFIRM
qualcomm — aqt1000_firmware Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-33237
CONFIRM
qualcomm — ar8031_firmware Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2022-11-15 9.8 CVE-2022-25674
CONFIRM
qualcomm — ar8031_firmware Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2022-11-15 9.8 CVE-2022-25727
CONFIRM
qualcomm — ar8031_firmware Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2022-11-15 7.5 CVE-2022-25742
CONFIRM
qualcomm — ar8035_firmware Denial of service in MODEM due to reachable assertion in Snapdragon Mobile 2022-11-15 7.5 CVE-2022-25671
CONFIRM
qualcomm — ar8035_firmware Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-33236
CONFIRM
qualcomm — ar9380_firmware Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking 2022-11-15 7.5 CVE-2022-25667
CONFIRM
rconfig — rconfig An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-17 8.8 CVE-2022-44384
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. 2022-11-14 8.8 CVE-2022-43288
MISC
seacms — seacms SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. 2022-11-16 9.8 CVE-2022-43256
MISC
silabs — emberznet Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. 2022-11-14 9.8 CVE-2022-24937
MISC
MISC
silabs — emberznet A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. 2022-11-14 7.5 CVE-2022-24938
MISC
MISC
simple_history_project — simple_history A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability. 2022-11-16 9.8 CVE-2022-4011
N/A
N/A
N/A
simple_image_gallery_web_app_project — simple_image_gallery_web_app A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the “id” parameter on the album page. 2022-11-17 8.8 CVE-2021-38819
MISC
siyucms — siyucms Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background (admin backend). SIYUCMS is a content management system based on ThinkPHP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges. 2022-11-14 7.2 CVE-2022-43030
MISC
MISC
sophos — mobile An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. 2022-11-16 9.8 CVE-2022-3980
CONFIRM
sports_club_management_system_project — sports_club_management_system A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213789 was assigned to this vulnerability. 2022-11-16 9.8 CVE-2022-4015
N/A
N/A
student_attendance_management_system_project — student_attendance_management_system A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability. 2022-11-17 7.2 CVE-2022-4052
MISC
MISC
tagdiv_composer_project — tagdiv_composer The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and the Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address. 2022-11-14 9.8 CVE-2022-3477
CONFIRM
tasmota_project — tasmota Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. 2022-11-14 9.8 CVE-2022-43294
MISC
MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. 2022-11-15 9.8 CVE-2022-42058
MISC
tenda — ac1200_v-w15ev2_firmware In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter. 2022-11-15 7.8 CVE-2022-40847
MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. 2022-11-15 7.8 CVE-2022-41395
MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. 2022-11-15 7.8 CVE-2022-41396
MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. 2022-11-15 7.8 CVE-2022-42053
MISC
tenda — ac1200_v-w15ev2_firmware Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. 2022-11-15 7.5 CVE-2022-42060
MISC
thriveweb — wooswipe_woocommerce_gallery Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. 2022-11-17 8.8 CVE-2022-45066
CONFIRM
ultimatemember — ultimate_member A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. 2022-11-13 7.5 CVE-2022-3966
N/A
N/A
N/A
vestacp — control_panel A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply a patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability. 2022-11-13 7.8 CVE-2022-3967
N/A
N/A
wbce — wbce_cms A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716. 2022-11-15 7.5 CVE-2022-4006
MISC
MISC
MISC
wiesemann_&_theis — multiple_products Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET request. 2022-11-15 9.8 CVE-2022-42785
MISC
wordplus — better_messages Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. 2022-11-19 8.8 CVE-2022-41609
CONFIRM
CONFIRM
wowonder — wowonder WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. 2022-11-15 9.8 CVE-2022-42984
MISC
MISC
wowonder — wowonder WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. 2022-11-15 7.5 CVE-2022-40405
MISC
wpforms — wpforms_pro The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. 2022-11-14 9.8 CVE-2022-3574
CONFIRM
xiongmaitech — xm-jpr2-lx_firmware Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. 2022-11-14 7.5 CVE-2021-38827
MISC
xuxueli — xxl-job XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. 2022-11-17 8.8 CVE-2022-43183
MISC
zohocorp — manageengine_access_manager_plus Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. 2022-11-12 9.8 CVE-2022-43671
MISC
zohocorp — manageengine_access_manager_plus Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). 2022-11-12 9.8 CVE-2022-43672
MISC
zohocorp — manageengine_mobile_device_manager_plus In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. 2022-11-12 7.8 CVE-2022-41339
MISC
zohocorp — manageengine_supportcenter_plus Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. 2022-11-12 8.8 CVE-2022-40773
MISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
activity_log_project — activity_log A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. 2022-11-11 5.3 CVE-2022-3941
N/A
N/A
N/A
amazon — opensearch OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-16 4.3 CVE-2022-41917
CONFIRM
MISC
anthologize_project — anthologize Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. 2022-11-17 4.8 CVE-2022-44591
CONFIRM
apache — airflow In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver’s `/login` endpoint. 2022-11-15 6.1 CVE-2022-45402
BUGTRAQ
CONFIRM
MLIST
apache — archiva Users with write permissions to a repository can delete arbitrary directories. 2022-11-15 4.3 CVE-2022-40309
CONFIRM
MLIST
backclick — backclick An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. 2022-11-16 6.1 CVE-2022-44002
MISC
benbodhi — svg_support The SVG Support plugin for WordPress defaults to insecure settings in versions 2.5 and 2.5.1. SVG files containing malicious JavaScript are not sanitized. While version 2.5 adds the ability to sanitize images as they are uploaded, the plugin defaults to disabling sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL. 2022-11-16 5.4 CVE-2022-4022
MISC
MISC
bluecoral — chat_bubble The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin views the related contact message. 2022-11-14 6.1 CVE-2022-3415
CONFIRM
booster — booster_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. 2022-11-18 4.3 CVE-2022-41805
CONFIRM
bruhn-newtech — cbrn-analysis CBRN-Analysis before 22 allows XXE attacks via an mws XML document, leading to NTLMv2-SSP hash disclosure. 2022-11-12 4.7 CVE-2022-45194
MISC
chameleon_project — chameleon Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. 2022-11-17 4.8 CVE-2022-44736
CONFIRM
cisco — adaptive_security_appliance A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. 2022-11-15 6.8 CVE-2022-20826
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20831
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20832
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20833
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20834
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20835
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20836
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20838
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20839
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20840
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20843
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20872
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20905
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20932
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20935
MISC
cisco — firepower_management_center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. 2022-11-15 4.8 CVE-2022-20936
MISC
concretecms — concrete_cms In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). 2022-11-14 6.5 CVE-2022-43686
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.3 CVE-2022-43690
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS – user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.1 CVE-2022-43692
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. 2022-11-14 6.1 CVE-2022-43694
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.1 CVE-2022-43967
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 6.1 CVE-2022-43968
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 5.4 CVE-2022-43687
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. 2022-11-14 5.3 CVE-2022-43689
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently discloses server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. 2022-11-14 5.3 CVE-2022-43691
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 4.8 CVE-2022-43688
MISC
MISC
MISC
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. 2022-11-14 4.8 CVE-2022-43695
MISC
MISC
MISC
MISC
MISC
contiki-ng — contiki-ng Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels. However, an integer truncation issue means that only the lowest byte of the channel ID is checked, which leaves the out-of-bounds check incomplete. A crafted channel ID causes out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the “develop” branch of Contiki-NG and will be included in release 4.9. As a workaround, users can apply the patch in Contiki-NG pull request 2081 on GitHub. 2022-11-11 5.4 CVE-2022-41873
CONFIRM
MISC
cyberchimps — ifeature_slider Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. 2022-11-17 5.4 CVE-2022-45375
CONFIRM
digitialpixies — oauth_client The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. 2022-11-14 6.5 CVE-2022-3632
CONFIRM
digitialpixies — oauth_client The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 2022-11-14 4.8 CVE-2022-3631
CONFIRM
discourse — calendar Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discourse_post_event_enabled` setting to fully mitigate the issue. Also, it’s possible to prevent regular users from using this vulnerability by removing all groups from the `discourse_post_event_allowed_on_groups` but note that moderators will still be able to use it. 2022-11-14 5.4 CVE-2022-41913
CONFIRM
MISC
discourse — discourse Discourse is an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this; it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed. 2022-11-14 6.5 CVE-2022-39385
CONFIRM
MISC
drogon — drogon A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to a small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464. 2022-11-11 5.3 CVE-2022-3959
N/A
N/A
N/A
N/A
element — element Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. 2022-11-11 6.5 CVE-2022-41904
MISC
CONFIRM
emlog — emlog A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. 2022-11-13 6.1 CVE-2022-3968
N/A
N/A
eramba — eramba A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. 2022-11-14 5.4 CVE-2022-43342
MISC
MISC
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to an infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459. 2022-11-11 6.5 CVE-2022-3953
N/A
N/A
N/A
expresstech — quiz_and_survey_master Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 6.1 CVE-2022-40698
CONFIRM
eyoucms — eyoucms EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. 2022-11-14 6.5 CVE-2022-44389
MISC
eyoucms — eyoucms A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. 2022-11-14 5.4 CVE-2022-44390
MISC
feehi — feehicms A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. 2022-11-16 4.3 CVE-2022-4014
N/A
foru_cms_project — foru_cms A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. 2022-11-11 5.4 CVE-2022-3943
N/A
N/A
frappe — frappe A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The name of the patch is bfab7191543961c6cb77fe267063877c31b616ce. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213560. 2022-11-14 6.1 CVE-2022-3988
N/A
N/A
N/A
gnome — nautilus GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. 2022-11-14 5.5 CVE-2022-37290
MISC
MISC
MISC
gnuboard — gnuboard5 A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. 2022-11-12 5.4 CVE-2022-3963
N/A
N/A
gpac — gpac A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to a memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. 2022-11-11 6.5 CVE-2022-3957
N/A
N/A
guitar-pro — guitar_pro A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. 2022-11-16 6.1 CVE-2022-43263
MISC
hallowelt — bluespice Some UI elements of the Common User Interface Component do not properly sanitize output and are therefore prone to outputting arbitrary HTML (XSS). 2022-11-15 6.1 CVE-2022-3895
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the BlueSpiceUserSidebar extension of BlueSpice allows a user with a regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. 2022-11-15 5.4 CVE-2022-3958
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows a logged-in user with edit permissions to inject arbitrary HTML into the default page header of a wiki page. 2022-11-15 5.4 CVE-2022-41789
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the BlueSpiceFoundation extension of BlueSpice allows a user with a regular account and edit permissions to inject arbitrary HTML into the history view of a wiki page. 2022-11-15 5.4 CVE-2022-41814
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the BlueSpiceSocialProfile extension of BlueSpice allows a user with comment permissions to inject arbitrary HTML into the comment section of a wiki page. 2022-11-15 5.4 CVE-2022-42000
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the BlueSpiceBookshelf extension of BlueSpice allows a user with a regular account and edit permissions to inject arbitrary HTML into the book navigation. 2022-11-15 5.4 CVE-2022-42001
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the BlueSpiceCustomMenu extension of BlueSpice allows a user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. 2022-11-15 4.8 CVE-2022-3893
CONFIRM
hallowelt — bluespice Cross-site Scripting (XSS) vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows a user with admin privileges to inject arbitrary HTML into the main navigation of the application. 2022-11-15 4.8 CVE-2022-41611
CONFIRM
htmldoc_project — htmldoc A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. 2022-11-14 5.5 CVE-2022-0137
MISC
MISC
hustoj_project — hustoj Hustoj 22.09.22 has an XSS vulnerability in /admin/problem_judge.php. 2022-11-17 6.1 CVE-2022-42187
MISC
ibm — business_automation_workflow Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. 2022-11-17 5.4 CVE-2022-38390
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. 2022-11-14 6.1 CVE-2022-38705
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. 2022-11-14 5.4 CVE-2022-34315
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459. 2022-11-14 5.4 CVE-2022-34317
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452. 2022-11-14 5.3 CVE-2022-34316
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. 2022-11-14 5.3 CVE-2022-34329
MISC
MISC
MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. 2022-11-11 5.4 CVE-2022-36776
MISC
MISC
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688. 2022-11-15 5.4 CVE-2022-40753
MISC
MISC
ibm — mq IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. 2022-11-11 6.5 CVE-2022-31772
MISC
MISC
ibm — mq_internet_pass-thru IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. 2022-11-14 5.5 CVE-2022-35719
MISC
MISC
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges, including “Manage Security” permissions, to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. 2022-11-17 4.9 CVE-2022-40751
MISC
MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. 2022-11-11 5.4 CVE-2022-40750
MISC
MISC
ikus-soft — rdiffweb Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. 2022-11-16 4.3 CVE-2022-4018
MISC
CONFIRM
insyde — kernel DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 2022-11-14 6.4 CVE-2022-30773
MISC
MISC
insyde — kernel DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering during a security review. This issue was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043 2022-11-15 6.4 CVE-2022-30774
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in Kernel 5.2: 05.27.21, Kernel 5.3: 05.36.21, Kernel 5.4: 05.44.21, Kernel 5.5: 05.52.21. https://www.insyde.com/security-pledge/SA-2022044 2022-11-15 6.4 CVE-2022-31243
MISC
MISC
insyde — kernel An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler and to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 2022-11-14 6.4 CVE-2022-32266
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering. Fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. https://www.insyde.com/security-pledge/SA-2022046 2022-11-15 6.4 CVE-2022-32267
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. https://www.insyde.com/security-pledge/SA-2022048 2022-11-15 6.4 CVE-2022-33906
MISC
MISC
insyde — kernel DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in Kernel 5.2: 05.27.25, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25. https://www.insyde.com/security-pledge/SA-2022049 2022-11-14 6.4 CVE-2022-33907
MISC
MISC
insyde — kernel DMA attacks on the parameter buffer used by the software SMI handler used by the Int15ServiceSmm driver could lead to a TOCTOU attack on the SMI handler and to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 2022-11-14 6.4 CVE-2022-33982
MISC
MISC
insyde — kernel DMA attacks on the parameter buffer used by the software SMI handler used by the VariableRuntimeDxe driver could lead to a TOCTOU attack on the SMI handler and to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056 2022-11-15 6.4 CVE-2022-33986
MISC
MISC
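The Insyde entries above all describe one pattern: a software SMI handler validates fields in a caller-supplied parameter buffer that a bus-mastering device can still write to by DMA, and then re-reads those fields from the same buffer when it acts on them (CWE-367). The C model below is an added example and is not Insyde's code or any real handler; the parameter layout, the `smram` array, the `CNRY` canary and the `dma_retarget` callback are all constructed for illustration. It contrasts the vulnerable check-then-reuse handler with the usual fix for this class of bug: copy the whole parameter block into private, DMA-unreachable (SMRAM-resident) memory once, then validate and use only that copy. On real platforms the copy-in is combined with IOMMU (VT-d) protection of SMRAM and of the communication buffer itself; the model only shows the handler-side discipline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a software SMI handler and its caller-supplied
 * parameter ("comm") buffer. Layout is hypothetical, not Insyde's. */
#define SMRAM_USABLE 16          /* bytes the handler may legitimately write */
#define SMRAM_TOTAL  20          /* last 4 bytes hold a canary, never writable */
#define CANARY       "CNRY"

typedef struct {
    uint32_t offset;             /* destination offset inside SMRAM scratch */
    uint32_t length;             /* bytes to copy from data[] */
    uint8_t  data[SMRAM_USABLE];
} smi_params_t;

/* Stand-in for SMRAM: private memory that DMA cannot reach. */
static uint8_t smram[SMRAM_TOTAL];

static void smram_reset(void) {
    memset(smram, 0, SMRAM_USABLE);
    memcpy(smram + SMRAM_USABLE, CANARY, 4);
}

static int smram_canary_intact(void) {
    return memcmp(smram + SMRAM_USABLE, CANARY, 4) == 0;
}

/* The only validation in either handler: the write must stay inside
 * the usable region. Returns 1 when the request is acceptable. */
static int in_bounds(uint32_t offset, uint32_t length) {
    return offset <= SMRAM_USABLE && length <= SMRAM_USABLE - offset;
}

/* Models a bus-mastering device racing the handler: the callback runs
 * after validation and rewrites the shared (DMA-reachable) buffer. */
typedef void (*dma_race_fn)(smi_params_t *shared);

static void dma_retarget(smi_params_t *shared) {
    shared->offset = SMRAM_USABLE;  /* would fail in_bounds, but nobody re-checks */
    shared->length = 4;
}

/* Vulnerable (CWE-367): validates the fields in the shared buffer, then
 * re-reads them from that same buffer when acting on them. */
static int smi_handler_vulnerable(smi_params_t *shared, dma_race_fn race) {
    if (!in_bounds(shared->offset, shared->length))
        return -1;
    if (race)
        race(shared);                               /* DMA write lands here */
    memcpy(smram + shared->offset, shared->data, shared->length);
    return 0;
}

/* Hardened: copy the whole parameter block into SMRAM once, then validate
 * and use only the private copy. The DMA write still hits the shared
 * buffer, but the handler never reads it again. */
static int smi_handler_hardened(smi_params_t *shared, dma_race_fn race) {
    smi_params_t priv;
    memcpy(&priv, shared, sizeof priv);             /* single copy-in */
    if (!in_bounds(priv.offset, priv.length))
        return -1;
    if (race)
        race(shared);
    memcpy(smram + priv.offset, priv.data, priv.length);
    return 0;
}

/* Runs one handler on a benign request that the DMA agent tampers with
 * between check and use. Returns 1 if the canary survived, 0 if SMRAM
 * outside the usable region was overwritten. */
static int run_scenario(int (*handler)(smi_params_t *, dma_race_fn)) {
    smi_params_t req = { .offset = 0, .length = 4, .data = "ABCD" };
    smram_reset();
    handler(&req, dma_retarget);
    return smram_canary_intact();
}

int main(void) {
    printf("vulnerable handler: canary %s\n",
           run_scenario(smi_handler_vulnerable) ? "intact" : "CORRUPTED");
    printf("hardened handler:   canary %s\n",
           run_scenario(smi_handler_hardened) ? "intact" : "CORRUPTED");
    return 0;
}
```

The race callback stands in for a concurrent DMA write, so the model is deterministic; on hardware the window is the gap between the handler's bounds check and its `memcpy`, and the attacker only needs to hit it once. Note that the copy-in itself may be torn by a concurrent DMA write, which is harmless because whatever was copied is what gets validated.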
intel — active_management_technology Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2021-33159
MISC
intel — celeron_1000m_firmware Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.4 CVE-2022-21198
MISC
intel — core_i5-7640x_firmware Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-26006
MISC
intel — nuc_11_performance_kit_nuc11pahi30z_firmware Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-33176
MISC
intel — nuc_8_compute_element_cm8i7cb_firmware Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-35276
MISC
intel — nuc_8_mainstream-g_kit_nuc8i7inh_firmware Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2021-33164
MISC
intel — nuc_board_de3815tybe_firmware Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-34152
MISC
intel — nuc_board_nuc5i3mybe_firmware Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-36349
MISC
intel — nuc_kit_nuc8i7hnk_firmware Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-21794
MISC
intel — nuc_m15_laptop_kit_lapbc510_firmware Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-32569
MISC
intel — openvino Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. 2022-11-11 6.5 CVE-2021-26251
MISC
intel — proset/wireless_wifi Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via local access. 2022-11-11 6.5 CVE-2022-26047
MISC
intel — s2600wf_firmware Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-11-11 6.7 CVE-2022-30542
MISC
intel — server_platform_services_firmware Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-29466
MISC
intel — server_platform_services_firmware Missing release of memory after effective lifetime in firmware for Intel(R) SPS before version SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-29515
MISC
intel — sgx_sdk Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 4.4 CVE-2022-27499
MISC
intel — support Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 5.5 CVE-2022-30691
MISC
intel — support Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 4.4 CVE-2022-36367
MISC
intel — wi-fi_6e_ax411_firmware Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-11-11 6.5 CVE-2022-28667
MISC
jenkins — associated_files Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-11-15 5.4 CVE-2022-45401
CONFIRM
jenkins — bart Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. 2022-11-15 5.4 CVE-2022-45387
CONFIRM
jenkins — cluster_statistics A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. 2022-11-15 4.3 CVE-2022-45398
CONFIRM
jenkins — cluster_statistics A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. 2022-11-15 4.3 CVE-2022-45399
CONFIRM
jenkins — delete_log A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. 2022-11-15 4.3 CVE-2022-45394
CONFIRM
jenkins — junit Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-11-15 5.4 CVE-2022-45380
CONFIRM
jenkins — loader.io A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-11-15 4.3 CVE-2022-45390
CONFIRM
jenkins — naginator Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. 2022-11-15 5.4 CVE-2022-45382
CONFIRM
jenkins — ns-nd_integration_performance_publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. 2022-11-15 6.5 CVE-2022-45392
CONFIRM
jenkins — reverse_proxy_auth Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. 2022-11-15 6.5 CVE-2022-45384
CONFIRM
jenkins — support_core An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. 2022-11-15 6.5 CVE-2022-45383
CONFIRM
jenkins — violations Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-11-15 5.5 CVE-2022-45386
CONFIRM
jenkins — xp-dev A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. 2022-11-15 5.3 CVE-2022-45389
CONFIRM
karmasis — infraskope_security_event_manager Karmasis Informatics Solutions Infraskope Security Event Manager product has an unauthenticated access issue which could allow an unauthenticated attacker to modify logs. 2022-11-16 5.3 CVE-2022-24036
CONFIRM
kavitareader — kavita Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. 2022-11-11 5.3 CVE-2022-3945
CONFIRM
MISC
keyfactor — kefactor_ejbca Keyfactor EJBCA before 7.10.0 allows XSS. 2022-11-17 5.4 CVE-2022-42954
CONFIRM
keyfactor — primekey_ejbca A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user. 2022-11-17 5.4 CVE-2022-39834
CONFIRM
liferay — digital_experience_platform The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. 2022-11-15 5.9 CVE-2022-42132
MISC
MISC
MISC
liferay — digital_experience_platform The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page. 2022-11-15 5.3 CVE-2022-42127
MISC
MISC
MISC
liferay — digital_experience_platform The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. 2022-11-15 5.3 CVE-2022-42128
MISC
MISC
MISC
liferay — digital_experience_platform Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module’s REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. 2022-11-15 4.8 CVE-2022-42131
MISC
MISC
MISC
liferay — digital_experience_platform The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. 2022-11-15 4.3 CVE-2022-42126
MISC
MISC
MISC
liferay — digital_experience_platform An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. 2022-11-15 4.3 CVE-2022-42129
MISC
MISC
MISC
liferay — digital_experience_platform The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. 2022-11-15 4.3 CVE-2022-42130
MISC
MISC
MISC
liferay — liferay_portal A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. 2022-11-15 6.1 CVE-2022-42110
MISC
MISC
liferay — liferay_portal A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. 2022-11-15 6.1 CVE-2022-42118
MISC
MISC
MISC
liferay — liferay_portal A Cross-site scripting (XSS) vulnerability in the Sharing module’s user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. 2022-11-15 5.4 CVE-2022-42111
MISC
MISC
liferay — liferay_portal Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. 2022-11-15 5.4 CVE-2022-42119
MISC
MISC
MISC
linux — linux_kernel An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. 2022-11-14 4.6 CVE-2022-3903
MISC
MISC
linuxfoundation — kubevela KubeVela is an open source application delivery platform. Users of the VelaUX APIServer could be affected by this vulnerability. When a Helm Chart is used as the component delivery method, the request address of the chart repository is not restricted, and there is a blind SSRF vulnerability. Users of v1.6 should update to v1.6.1; users of v1.5 should update to v1.5.8. There are no known workarounds for this issue. 2022-11-16 6.5 CVE-2022-39383
CONFIRM
MISC
matrix — matrix_irc_bridge A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component. VDB-213550 is the identifier assigned to this vulnerability. 2022-11-13 5.6 CVE-2022-3971
N/A
N/A
N/A
N/A
metagauss — profilegrid The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-11-14 6.1 CVE-2022-3578
CONFIRM
nintex — workflow The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. 2022-11-14 6.1 CVE-2022-38167
MISC
MISC
nodebb — nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. 2022-11-13 4.3 CVE-2022-3978
N/A
N/A
N/A
N/A
nukeviet — nukeviet A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability. 2022-11-13 6.1 CVE-2022-3975
N/A
N/A
N/A
op5 — monitor OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). 2022-11-14 6.1 CVE-2021-40272
MISC
openkm — openkm A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548. 2022-11-13 5.5 CVE-2022-3969
N/A
N/A
N/A
N/A
password_storage_application_project — password_storage_application A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. 2022-11-17 6.1 CVE-2022-43142
MISC
permalink_manager_lite_project — permalink_manager_lite The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings, including permalinks and site maps, via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. 2022-11-16 4.3 CVE-2022-4021
MISC
MISC
phpservermonitor — php_server_monitor A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability. 2022-11-15 5.3 CVE-2021-4240
MISC
MISC
MISC
phpservermonitor — php_server_monitor A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744. 2022-11-15 5.3 CVE-2021-4241
MISC
MISC
MISC
publiccms — publiccms A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. 2022-11-11 6.1 CVE-2022-3950
N/A
N/A
qualcomm — aqt1000_firmware Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 5.5 CVE-2022-25676
CONFIRM
qualcomm — aqt1000_firmware Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-11-15 5.5 CVE-2022-25679
CONFIRM
resmush.it — resmush.it_image_optimizer The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users into performing various actions on their behalf on the site. 2022-11-14 6.5 CVE-2022-2449
CONFIRM
resmush.it — resmush.it_image_optimizer The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them. 2022-11-14 4.3 CVE-2022-2450
CONFIRM
sanitization_management_system_project — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. 2022-11-11 6.1 CVE-2022-3942
N/A
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571. 2022-11-14 6.1 CVE-2022-3992
N/A
scratch-wiki — scratch_login The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). 2022-11-17 4.8 CVE-2022-42985
MISC
MISC
simple_cashiering_system_project — simple_cashiering_system A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. 2022-11-11 6.1 CVE-2022-3949
N/A
simplex — simplex_chat SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. 2022-11-12 5.3 CVE-2022-45195
MISC
MISC
MISC
MISC
snakeyaml_project — snakeyaml Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. 2022-11-11 6.5 CVE-2022-41854
CONFIRM
student_attendance_management_system_project — student_attendance_management_system A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. 2022-11-17 4.8 CVE-2022-4053
MISC
MISC
tenda — ac1200_v-w15ev2_firmware The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they’re not explicitly authorized to have. 2022-11-15 6.5 CVE-2022-40845
MISC
tenda — ac1200_v-w15ev2_firmware In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the application’s website filtering tab, specifically the URL body. 2022-11-15 5.4 CVE-2022-40844
MISC
tenda — ac1200_v-w15ev2_firmware The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router’s syslog.log file, which contains the MD5 password of the Administrator’s user account. 2022-11-15 4.9 CVE-2022-40843
MISC
tenda — ac1200_v-w15ev2_firmware In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the application’s stored hostname. 2022-11-15 4.8 CVE-2022-40846
MISC
themepoints — testimonials The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-11-14 4.8 CVE-2022-3539
CONFIRM
tibco — spotfire_server The Visualizations component of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0. 2022-11-15 5.4 CVE-2022-41558
CONFIRM
CONFIRM
tribalsystems — zenario Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. 2022-11-16 5.4 CVE-2022-44069
MISC
tribalsystems — zenario Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. 2022-11-16 5.4 CVE-2022-44070
MISC
tribalsystems — zenario Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile. 2022-11-16 5.4 CVE-2022-44071
MISC
tribalsystems — zenario Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. 2022-11-16 5.4 CVE-2022-44073
MISC
webartesanal — mantenimiento_web Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. 2022-11-18 6.1 CVE-2022-38075
CONFIRM
webmaster_tools_verification_project — webmaster_tools_verification The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins 2022-11-14 6.5 CVE-2022-3538
CONFIRM
wondercms — wondercms A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. 2022-11-17 6.1 CVE-2022-43332
MISC
wp_attachments_project — wp_attachments The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2022-11-14 4.8 CVE-2022-3469
CONFIRM
wpb_show_core_project — wpb_show_core The WPB Show Core WordPress plugin through TODO does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-11-14 6.1 CVE-2022-3484
CONFIRM
wsgidav_project — wsgidav WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. 2022-11-11 6.1 CVE-2022-41905
MISC
CONFIRM
xiongmaitech — xm-jpr2-lx_firmware Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. 2022-11-14 5.3 CVE-2021-38828
MISC
xpdfreader — xpdf XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. 2022-11-14 5.5 CVE-2022-43295
MISC
yikesinc — custom_product_tabs_for_woocommerce Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. 2022-11-18 4.8 CVE-2022-43463
CONFIRM
zoneminder — zoneminder A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method. 2022-11-15 5.4 CVE-2022-30768
MISC
MISC
zoneminder — zoneminder Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. 2022-11-15 4.6 CVE-2022-30769
MISC
MISC


Low Vulnerabilities

Primary Vendor — Product  Description  Published  CVSS Score  Source & Patch Info
ibm — cics_tx IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. 2022-11-14 3.3 CVE-2022-34312
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. 2022-11-14 3.3 CVE-2022-34314
MISC
MISC
MISC
ibm — cics_tx IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. 2022-11-14 3.1 CVE-2022-34313
MISC
MISC
MISC
ibm — partner_engagement_manager IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. 2022-11-16 3.3 CVE-2022-34354
MISC
MISC
intel — wlan_authentication_and_privacy_infrastructure Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. 2022-11-11 3.3 CVE-2022-33973
MISC
jenkins — delete_log A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. 2022-11-15 3.5 CVE-2022-45393
CONFIRM
wp-polls_project — wp-polls Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. 2022-11-18 3.1 CVE-2022-40130
CONFIRM
CONFIRM
zoom — vdi_windows_meeting_clients The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. 2022-11-14 3.3 CVE-2022-28764
MISC


Severity Not Yet Assigned

Primary Vendor — Product  Description  Published  CVSS Score  Source & Patch Info
amasty — magneto_2_blog_pro The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response. 2022-11-17 not yet calculated CVE-2022-36432
MISC
apple — mdnsresponser.ece mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. 2022-11-17 not yet calculated CVE-2022-23748
MISC
bkg — professional_ntripcaster BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable. 2022-11-17 not yet calculated CVE-2022-42982
MISC
MISC
carel — boss_mini Carel Boss Mini 1.5.0 has Improper Access Control. 2022-11-18 not yet calculated CVE-2022-34827
MISC
MISC
cbeust — cbeust A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. 2022-11-19 not yet calculated CVE-2022-4065
N/A
N/A
N/A
cisco — firepower_management_center A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. 2022-11-15 not yet calculated CVE-2022-20925
MISC
cisco — firepower_management_center A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. 2022-11-15 not yet calculated CVE-2022-20926
MISC
cisco — firepower_management_center A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed. 2022-11-15 not yet calculated CVE-2022-20938
MISC
cisco — firepower_management_center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. 2022-11-15 not yet calculated CVE-2022-20941
MISC
cisco — firepower_threat_defense A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. 2022-11-15 not yet calculated CVE-2022-20940
MISC
cisco — firepower_threat_defense A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. 2022-11-15 not yet calculated CVE-2022-20946
MISC
cisco — firepower_threat_defense A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. 2022-11-15 not yet calculated CVE-2022-20949
MISC
cisco — firepower_threat_defense A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition. 2022-11-15 not yet calculated CVE-2022-20950
MISC
cisco — multiple_products A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed. 2022-11-15 not yet calculated CVE-2022-20918
MISC
cisco — multiple_products Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. 2022-11-15 not yet calculated CVE-2022-20922
MISC
cisco — multiple_products A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2022-11-15 not yet calculated CVE-2022-20924
MISC
cisco — multiple_products A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. 2022-11-15 not yet calculated CVE-2022-20927
MISC
cisco — multiple_products A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user. 2022-11-15 not yet calculated CVE-2022-20928
MISC
cisco — multiple_products A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. 2022-11-15 not yet calculated CVE-2022-20934
MISC
cisco — multiple_products Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. 2022-11-15 not yet calculated CVE-2022-20943
MISC
cisco — multiple_products A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. 2022-11-15 not yet calculated CVE-2022-20947
MISC
d-link — d-link D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 “login.asp” A. The window.location.href = http://192.168.1.1/setupWizard.asp” http://192.168.1.1/setupWizard.asp” ; “admin” – contains default username value “login.asp” B. While accessing the web interface, the login form at *Authorization Bypass – URL by “setupWizard.asp’ while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a “login_glag” and “login_status” checking browser and to read the admin user credentials for the web interface. 2022-11-17 not yet calculated CVE-2022-36785
MISC
d-link — d-link DLINK – DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. 2022-11-17 not yet calculated CVE-2022-36786
MISC
d-link — dir3060 D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. 2022-11-18 not yet calculated CVE-2022-44204
MISC
MISC
dalli — dalli A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability. 2022-11-19 not yet calculated CVE-2022-4064
MISC
MISC
MISC
MISC
davidmoreno — onion A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028. 2022-11-19 not yet calculated CVE-2022-4066
N/A
N/A
N/A
dedecms — dedecms An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. 2022-11-17 not yet calculated CVE-2022-43192
MISC
drachtio — drachtio_server In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. 2022-11-18 not yet calculated CVE-2022-45473
MISC
drachtio — drachtio_server drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. 2022-11-18 not yet calculated CVE-2022-45474
MISC
elastic — kibana An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. 2022-11-18 not yet calculated CVE-2021-22141
MISC
MISC
elastic — kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. 2022-11-18 not yet calculated CVE-2021-37936
MISC
MISC
elsight — halo_rce Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution. 2022-11-17 not yet calculated CVE-2022-36784
MISC
esri — arcgis_quick_capture_web_designer An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an attacker controlled domain. 2022-11-15 not yet calculated CVE-2022-38201
MISC
flarum — flarum Flarum is an open source discussion platform. Flarum’s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. 2022-11-19 not yet calculated CVE-2022-41938
CONFIRM
MISC
MISC
free5gc — free5gc In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. 2022-11-18 not yet calculated CVE-2022-38871
MISC
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue. 2022-11-16 not yet calculated CVE-2022-39317
CONFIRM
freerdp — freerdp FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. 2022-11-16 not yet calculated CVE-2022-39320
CONFIRM
glpi_project — glpi_project GLPI – Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) – The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker’s content back to the victim, the content is executed by the victim’s browser. 2022-11-17 not yet calculated CVE-2022-39181
MISC
google — android In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239555070. References: N/A 2022-11-17 not yet calculated CVE-2022-20427
MISC
google — android In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239555411. References: N/A 2022-11-17 not yet calculated CVE-2022-20428
MISC
google — android In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239556260. References: N/A 2022-11-17 not yet calculated CVE-2022-20459
MISC
google — android In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239557547. References: N/A 2022-11-17 not yet calculated CVE-2022-20460
MISC
google — android In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239415718. References: N/A 2022-11-17 not yet calculated CVE-2022-42533
MISC
horner_automation — cscape Horner Automation’s Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read. 2022-11-15 not yet calculated CVE-2022-3377
MISC
hostel_searching_project — hostel_searching_project A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844. 2022-11-17 not yet calculated CVE-2022-4051
MISC
MISC
imperva — equalweb_accessibility_widget EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. 2022-11-17 not yet calculated CVE-2022-42960
MISC
installbuilder — installbuilder InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting this type of vulnerability generally requires that an attacker has access to a vulnerable machine to plant the malicious DLL. 2022-11-18 not yet calculated CVE-2022-31694
MISC
insyde — ahcibusdxe SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059 2022-11-15 not yet calculated CVE-2022-29276
MISC
MISC
insyde — fwblockservicesmm Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060 2022-11-15 not yet calculated CVE-2022-29277
MISC
MISC
insyde — multiple_products Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062 2022-11-15 not yet calculated CVE-2022-29279
MISC
MISC
insyde — nvmexpressdxe Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 2022-11-15 not yet calculated CVE-2022-29278
MISC
MISC
insyde — pnpsmm Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064 2022-11-15 not yet calculated CVE-2022-30771
MISC
MISC
insyde — pnpsmm Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065 2022-11-15 not yet calculated CVE-2022-30772
MISC
MISC
insyde — usbcoredxe In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058 2022-11-15 not yet calculated CVE-2022-29275
MISC
MISC
insyde — usbcoredxe In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges. The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses it can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in: Kernel 5.0: Version 05.09.21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063 2022-11-15 not yet calculated CVE-2022-30283
MISC
MISC
intel — server_board_m50cyp_family Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. 2022-11-11 not yet calculated CVE-2022-25917
MISC
intelbras — sg_2404_mr INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. 2022-11-18 not yet calculated CVE-2022-43308
MISC
MISC
iobit — iotransfer IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. 2022-11-18 not yet calculated CVE-2022-37197
MISC
jetbrains — hub In JetBrains Hub before 2022.3.15181, throttling was missing when sending emails to a particular email address. 2022-11-18 not yet calculated CVE-2022-45471
MISC
karmasis_bilisim_cozumleri — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access issue which could allow an unauthenticated attacker to obtain critical information. 2022-11-18 not yet calculated CVE-2022-24037
CONFIRM
karmasis_bilisim_cozumleri — infraskope_security_event_manager Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access issue which could allow an unauthenticated attacker to damage the page where the agents are listed. 2022-11-18 not yet calculated CVE-2022-24038
CONFIRM
knative — func knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. 2022-11-19 not yet calculated CVE-2022-41939
MISC
MISC
MISC
CONFIRM
lancet — lancet Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. 2022-11-17 not yet calculated CVE-2022-41920
MISC
MISC
MISC
CONFIRM
lief — lief A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. 2022-11-17 not yet calculated CVE-2022-43171
MISC
lightning_network_daemon — lightning_network_daemon Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and on-chain transaction events will go undetected. This can cause loss of funds if a CSV expiry is reached during a breach attempt or a CLTV delta expires, forfeiting the funds in the HTLC. A patch is available in `lnd` version 0.15.4. Users are advised to upgrade. Users unable to upgrade may use the `lncli updatechanpolicy` RPC call to increase their CLTV value to a very high amount or increase their fee policies. This will prevent nodes from routing through your node, meaning that no pending HTLCs can be present. 2022-11-17 not yet calculated CVE-2022-39389
MISC
MISC
CONFIRM
MISC
linaro — automated_validation_architecture In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. 2022-11-18 not yet calculated CVE-2022-44641
MISC
linaro — automated_validation_architecture In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. 2022-11-18 not yet calculated CVE-2022-45132
MISC
MISC
manageengine — zoho_manageengine_admanager_plus Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. 2022-11-18 not yet calculated CVE-2022-42904
MISC
manageengine — zoho_manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. 2022-11-17 not yet calculated CVE-2022-42903
MISC
maradns — deadwood An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for “Ghost” domain names. 2022-11-19 not yet calculated CVE-2022-30256
MISC
MISC
media5_corporation — mediatrix Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. 2022-11-17 not yet calculated CVE-2022-43096
MISC
MISC
monikabrzica — scm A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. 2022-11-15 not yet calculated CVE-2022-3997
MISC
MISC
monikabrzica — scm A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699. 2022-11-15 not yet calculated CVE-2022-3998
MISC
MISC
nvidia — cuda_toolkit_sdk NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. 2022-11-19 not yet calculated CVE-2022-34667
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. 2022-11-19 not yet calculated CVE-2022-31610
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. 2022-11-19 not yet calculated CVE-2022-31612
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. 2022-11-19 not yet calculated CVE-2022-31613
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. 2022-11-19 not yet calculated CVE-2022-31615
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. 2022-11-19 not yet calculated CVE-2022-31616
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. 2022-11-19 not yet calculated CVE-2022-31617
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. 2022-11-19 not yet calculated CVE-2022-34665
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. 2022-11-19 not yet calculated CVE-2022-31606
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. 2022-11-19 not yet calculated CVE-2022-31607
MISC
nvidia — gpu_display_driver NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 2022-11-19 not yet calculated CVE-2022-31608
MISC
nxp — multiple_products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) 2022-11-18 not yet calculated CVE-2022-45163
MISC
MISC
opc_foundation — local_discovery_server OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). 2022-11-17 not yet calculated CVE-2022-44725
MISC
MISC
pentagrid — seppmail The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address. 2022-11-18 not yet calculated CVE-2021-31739
MISC
proofpoint — enterprise_protection Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. 2022-11-17 not yet calculated CVE-2021-31608
MISC
red_lion_controls — crimson Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user’s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. 2022-11-17 not yet calculated CVE-2022-3090
MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42732
MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42733
MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42734
MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42891
MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42892
MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written in any folder accessible to the account assigned to the website’s application pool. 2022-11-17 not yet calculated CVE-2022-42893
MISC
siemens — syngo_dynamics A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration. 2022-11-17 not yet calculated CVE-2022-42894
MISC
silicon_labs — ember_znet A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. 2022-11-18 not yet calculated CVE-2022-24939
MISC
MISC
silicon_labs — micrium_uc-http Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. 2022-11-15 not yet calculated CVE-2022-24942
MISC
MISC
synthesia — synthesia A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. 2022-11-17 not yet calculated CVE-2021-33897
MISC
MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. 2022-11-16 not yet calculated CVE-2022-43999
MISC
MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server. 2022-11-16 not yet calculated CVE-2022-44000
MISC
MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers’ e-mail addresses. Furthermore, it is possible to subscribe and verify other persons’ e-mail addresses to newsletters without their consent. 2022-11-16 not yet calculated CVE-2022-44005
MISC
MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation. 2022-11-16 not yet calculated CVE-2022-44007
MISC
MISC
syss_gmbh — backclick_professional An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. 2022-11-16 not yet calculated CVE-2022-44008
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41895
CONFIRM
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41880
CONFIRM
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41883
MISC
MISC
CONFIRM
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41884
CONFIRM
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41885
MISC
CONFIRM
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41886
MISC
CONFIRM
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. 2022-11-18 not yet calculated CVE-2022-41887
MISC
CONFIRM
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41888
MISC
MISC
CONFIRM
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41889
CONFIRM
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41890
MISC
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41891
MISC
MISC
CONFIRM
tensorflow — tensorflow
 
TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41893
CONFIRM
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41894
MISC
MISC
CONFIRM
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41896
MISC
MISC
CONFIRM
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41897
MISC
CONFIRM
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41898
CONFIRM
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41899
CONFIRM
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. 2022-11-18 not yet calculated CVE-2022-41900
CONFIRM
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41901
MISC
CONFIRM
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41907
MISC
MISC
CONFIRM
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41908
MISC
MISC
CONFIRM
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41909
CONFIRM
MISC
MISC
MISC
tensorflow — tensorflow TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a `const char*` array (since that’s the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. 2022-11-18 not yet calculated CVE-2022-41911
MISC
MISC
CONFIRM
veritas_support — netbackup The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. 2022-11-17 not yet calculated CVE-2022-45461
MISC
webvendome — internal_server Webvendome – Webvendome Internal Server IP Disclosure. Send a GET request to the endpoint shown in the picture (not included here). Internal server IP and full path disclosure. 2022-11-17 not yet calculated CVE-2022-39178
MISC
webvendome — webvendome Webvendome – Webvendome SQL Injection. SQL Injection in the parameter "DocNumber". Request: GET /webvendome/showfiles.aspx?jobnumber=null&DocNumber=HERE. 2022-11-17 not yet calculated CVE-2022-36787
MISC
windows — wire Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. 2022-11-18 not yet calculated CVE-2022-43673
MISC
MISC
withsecure — withsecure WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5). 2022-11-17 not yet calculated CVE-2022-38165
MISC
wordpress — wordpress Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 2022-11-17 not yet calculated CVE-2021-36905
CONFIRM
CONFIRM
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. 2022-11-17 not yet calculated CVE-2022-40694
CONFIRM
wordpress — wordpress Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. 2022-11-18 not yet calculated CVE-2022-40963
CONFIRM
CONFIRM
wordpress — wordpress Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. 2022-11-17 not yet calculated CVE-2022-41132
CONFIRM
wordpress — wordpress Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. 2022-11-18 not yet calculated CVE-2022-41135
CONFIRM
wordpress — wordpress Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. 2022-11-19 not yet calculated CVE-2022-41155
CONFIRM
CONFIRM
wordpress — wordpress Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. 2022-11-17 not yet calculated CVE-2022-41315
CONFIRM
wordpress — wordpress Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. 2022-11-18 not yet calculated CVE-2022-41615
CONFIRM
CONFIRM
wordpress — wordpress Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. 2022-11-18 not yet calculated CVE-2022-41618
CONFIRM
CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-41634
CONFIRM
CONFIRM
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. 2022-11-18 not yet calculated CVE-2022-41643
CONFIRM
CONFIRM
wordpress — wordpress Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 not yet calculated CVE-2022-41652
CONFIRM
wordpress — wordpress Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-41655
CONFIRM
CONFIRM
wordpress — wordpress Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter’s Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. 2022-11-18 not yet calculated CVE-2022-41685
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. 2022-11-18 not yet calculated CVE-2022-41692
CONFIRM
wordpress — wordpress Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. 2022-11-18 not yet calculated CVE-2022-41781
CONFIRM
wordpress — wordpress Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. 2022-11-18 not yet calculated CVE-2022-41788
CONFIRM
CONFIRM
wordpress — wordpress Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. 2022-11-17 not yet calculated CVE-2022-41791
CONFIRM
wordpress — wordpress Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. 2022-11-18 not yet calculated CVE-2022-41839
CONFIRM
wordpress — wordpress Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. 2022-11-18 not yet calculated CVE-2022-41840
CONFIRM
wordpress — wordpress Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-42459
CONFIRM
CONFIRM
wordpress — wordpress Broken Access Control vulnerability in miniOrange’s Google Authenticator plugin <= 5.6.1 on WordPress. 2022-11-18 not yet calculated CVE-2022-42461
CONFIRM
wordpress — wordpress Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 not yet calculated CVE-2022-42497
CONFIRM
CONFIRM
wordpress — wordpress Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. 2022-11-18 not yet calculated CVE-2022-42698
CONFIRM
CONFIRM
wordpress — wordpress Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. 2022-11-18 not yet calculated CVE-2022-42883
CONFIRM
wordpress — wordpress Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. 2022-11-18 not yet calculated CVE-2022-43482
CONFIRM
wordpress — wordpress Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress. 2022-11-18 not yet calculated CVE-2022-43492
CONFIRM
CONFIRM
wordpress — wordpress Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 not yet calculated CVE-2022-44583
CONFIRM
CONFIRM
wordpress — wordpress Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. 2022-11-18 not yet calculated CVE-2022-44584
CONFIRM
CONFIRM
wordpress — wordpress Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. 2022-11-18 not yet calculated CVE-2022-44634
CONFIRM
CONFIRM
wordpress — wordpress Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. 2022-11-18 not yet calculated CVE-2022-44740
CONFIRM
CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. 2022-11-17 not yet calculated CVE-2022-45071
CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. 2022-11-17 not yet calculated CVE-2022-45072
CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. 2022-11-18 not yet calculated CVE-2022-45073
CONFIRM
wordpress — wordpress Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. 2022-11-18 not yet calculated CVE-2022-45082
CONFIRM
CONFIRM
wordpress — wordpress Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. 2022-11-18 not yet calculated CVE-2022-45369
CONFIRM
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress. 2022-11-17 not yet calculated CVE-2022-36357
CONFIRM
wordpress — wordpress Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). 2022-11-17 not yet calculated CVE-2022-38461
CONFIRM
wordpress — wordpress Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. 2022-11-18 not yet calculated CVE-2022-38974
CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. 2022-11-17 not yet calculated CVE-2022-40192
CONFIRM
wordpress — wordpress Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. 2022-11-17 not yet calculated CVE-2022-40200
CONFIRM
CONFIRM
wordpress — wordpress Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. 2022-11-18 not yet calculated CVE-2022-40216
CONFIRM
CONFIRM
xdg-email — xdg-email When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. 2022-11-19 not yet calculated CVE-2022-4055
MISC
xpdf — xpdf A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-11-15 not yet calculated CVE-2022-43071
MISC
zoom — client_for_meetings_installer The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. 2022-11-17 not yet calculated CVE-2022-28768
MISC
zoom — multiple_products Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. 2022-11-17 not yet calculated CVE-2022-28766
MISC
zoom — rooms_installer_for_windows The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. 2022-11-17 not yet calculated CVE-2022-36924
MISC
zulip — zulip Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected. 2022-11-16 not yet calculated CVE-2022-41914
CONFIRM
MISC


CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain 

Original release date: November 17, 2022

Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and October 2022 release of guidance for suppliers.

The guidance released today, along with its accompanying fact sheet, provides recommended practices for software customers to ensure the integrity and security of software during the procuring and deployment phases.

The Securing Software Supply Chain Series is an output of the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA. This series complements other U.S. government efforts underway to help the software ecosystem secure the supply chain, such as the software bill of materials (SBOM) community.

CISA encourages all organizations that participate in the software supply chain to review the guidance. See CISA’s Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, ICT Supply Chain Resource Library, and National Risk Management Center (NRMC) webpages for additional guidance.

#StopRansomware: Hive

Original release date: November 17, 2022

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022. 

Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and—especially—Healthcare and Public Health (HPH).

CISA encourages network defenders to review the CSA and to apply the included mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response. 

AA22-321A: #StopRansomware: Hive Ransomware

Original release date: November 17, 2022

Summary

Actions to Take Today to Mitigate Cyber Threats from Ransomware:

• Prioritize remediating known exploited vulnerabilities.
• Enable and enforce multifactor authentication with strong passwords
• Close unused ports and remove any application not deemed necessary for day-to-day operations.

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.

FBI, CISA, and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. Victims of ransomware operations should report the incident to their local FBI field office or CISA.

Download the PDF version of this report: pdf, 852.9 kb.

Technical Details

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 12. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques.

As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information. Hive ransomware follows the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks. From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

The method of initial intrusion will depend on which affiliate targets the network. Hive actors have gained initial access to victim networks by using single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols [T1133]. In some cases, Hive actors have bypassed multifactor authentication (MFA) and gained access to FortiOS servers by exploiting Common Vulnerabilities and Exposures (CVE) CVE-2020-12812. This vulnerability enables a malicious cyber actor to log in without a prompt for the user’s second authentication factor (FortiToken) when the actor changes the case of the username.
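
The username-case MFA bypass described above is an instance of a general bug class: two stages of one login flow normalising the same identifier differently, so the second factor is looked up for a "user" the first stage never authenticated. The following is an added example that models that class; it is not Fortinet code, and the advisory does not describe the actual FortiOS root cause. The account store, the toy hash, and the split between a case-folding password check and an exact-case MFA enrolment lookup are assumptions made for illustration.

```python
"""
Toy model of a case-normalisation MFA bypass (added illustration, not FortiOS
code). login_vulnerable folds case for the password check but looks up MFA
enrolment with the username exactly as typed; login_fixed canonicalises once.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Account:
    name: str            # canonical (lower-case) username
    pw_hash: bytes
    mfa_enrolled: bool


def _h(password: str) -> bytes:
    # Toy hash for the model; a real system uses a salted KDF (argon2/scrypt).
    return hashlib.sha256(password.encode()).digest()


# Constructed directory (assumption): one MFA-enrolled user, keyed by canonical name.
DIRECTORY: Dict[str, Account] = {"alice": Account("alice", _h("correct horse"), True)}


def _password_valid(acct: Optional[Account], password: str) -> bool:
    return acct is not None and hmac.compare_digest(acct.pw_hash, _h(password))


def login_vulnerable(username: str, password: str, otp_valid: bool,
                     directory: Dict[str, Account] = DIRECTORY) -> str:
    # Stage 1 folds case, so "Alice" authenticates against the "alice" record ...
    if not _password_valid(directory.get(username.lower()), password):
        return "denied"
    # ... but stage 2 looks up MFA enrolment with the name exactly as typed.
    # "Alice" finds no record, is treated as not enrolled, and skips the OTP.
    acct = directory.get(username)
    if acct is None or not acct.mfa_enrolled:
        return "granted-without-mfa"
    return "granted" if otp_valid else "denied"


def login_fixed(username: str, password: str, otp_valid: bool,
                directory: Dict[str, Account] = DIRECTORY) -> str:
    # Canonicalise once and make every decision on the same record.
    acct = directory.get(username.lower())
    if not _password_valid(acct, password):
        return "denied"
    if acct.mfa_enrolled and not otp_valid:
        return "denied"
    return "granted"


if __name__ == "__main__":
    for name in ("alice", "Alice", "ALICE"):
        print(name, "vulnerable:", login_vulnerable(name, "correct horse", False),
              "fixed:", login_fixed(name, "correct horse", False))
```

The practical check this suggests for any SSO or VPN gateway is to test a known MFA-enrolled account with every case variant of its username and confirm the second-factor prompt still appears; the fix pattern is one canonical identity resolved up front and reused by every later policy decision.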

Hive actors have also gained initial access to victim networks by distributing phishing emails with malicious attachments [T1566.001] and by exploiting the following vulnerabilities against Microsoft Exchange servers [T1190]:

  • CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
  • CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-34523 – Microsoft Exchange Server Privilege Escalation Vulnerability

After gaining access, Hive ransomware attempts to evade detection by executing processes to:

  • Identify processes related to backups, antivirus/anti-spyware, and file copying and then terminating those processes to facilitate file encryption [T1562].
  • Stop the volume shadow copy services and remove all existing shadow copies via vssadmin on command line or via PowerShell [T1059] [T1490].
  • Delete Windows event logs, specifically the System, Security and Application logs [T1070].

Prior to encryption, Hive ransomware removes virus definitions and disables all portions of Windows Defender and other common antivirus programs in the system registry [T1112].

Hive actors likely exfiltrate data using a combination of Rclone and the cloud storage service Mega.nz [T1537]. In addition to its capabilities against the Microsoft Windows operating system, Hive ransomware has known variants for Linux, VMware ESXi, and FreeBSD.

During the encryption process, a file named *.key (previously *.key.*) is created in the root directory (C:\ or /root/). Required for decryption, this key file only exists on the machine where it was created and cannot be reproduced. The ransom note, HOW_TO_DECRYPT.txt is dropped into each affected directory and states the *.key file cannot be modified, renamed, or deleted, otherwise the encrypted files cannot be recovered [T1486]. The ransom note contains a “sales department” .onion link accessible through a TOR browser, enabling victim organizations to contact the actors through a live chat panel to discuss payment for their files. However, some victims reported receiving phone calls or emails from Hive actors directly to discuss payment.

The ransom note also threatens victims that a public disclosure or leak site accessible on the TOR site, “HiveLeaks”, contains data exfiltrated from victim organizations who do not pay the ransom demand (see figure 1 below). Additionally, Hive actors have used anonymous file sharing sites to disclose exfiltrated data (see table 1 below).

 

Table 1: Anonymous File Sharing Sites Used to Disclose Data

https://anonfiles[.]com

https://mega[.]nz

https://send.exploit[.]in

https://ufile[.]io

https://www.sendspace[.]com

https://privatlab[.]net

https://privatlab[.]com

 

Once the victim organization contacts Hive actors on the live chat panel, Hive actors communicate the ransom amount and the payment deadline. Hive actors negotiate ransom demands in U.S. dollars, with initial amounts ranging from several thousand to millions of dollars. Hive actors demand payment in Bitcoin.

Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment.

Indicators of Compromise

Threat actors have leveraged the following IOCs during Hive ransomware compromises. Note: Some of these indicators are legitimate applications that Hive threat actors used to aid in further malicious exploitation. FBI, CISA, and HHS recommend removing any application not deemed necessary for day-to-day operations. See tables 2–3 below for IOCs obtained from FBI threat response investigations as recently as November 2022.

Table 2: Known IOCs as of November 2022

Known IOCs – Files

HOW_TO_DECRYPT.txt typically in directories with encrypted files

*.key typically in the root directory, i.e., C:\ or /root

hive.bat

shadow.bat

asq.r77vh0[.]pw – Server hosted malicious HTA file

asq.d6shiiwz[.]pw – Server referenced in malicious regsvr32 execution

asq.swhw71un[.]pw – Server hosted malicious HTA file

asd.s7610rir[.]pw – Server hosted malicious HTA file

Windows_x64_encrypt.dll

Windows_x64_encrypt.exe

Windows_x32_encrypt.dll

Windows_x32_encrypt.exe

Linux_encrypt

Esxi_encrypt

Known IOCs – Events

System, Security and Application Windows event logs wiped

Microsoft Windows Defender AntiSpyware Protection disabled

Microsoft Windows Defender AntiVirus Protection disabled

Volume shadow copies deleted

Normal boot process prevented

Known IOCs – Logged Processes

wevtutil.exe cl system

wevtutil.exe cl security

wevtutil.exe cl application

vssadmin.exe delete shadows /all /quiet

wmic.exe SHADOWCOPY /nointeractive

wmic.exe shadowcopy delete

bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures

bcdedit.exe /set {default} recoveryenabled no
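
The logged processes in Table 2 are the lines a detection engineer turns into rules, and the signal is less any single command than the run of them from one account in a few minutes. The following is an added example, not from the advisory and not FBI or CISA tooling, that applies such rules to a handful of constructed process-creation events. The "Field=value, Field=value" line format (a flattened Sysmon Event ID 1 record), the reg.exe form of the Defender registry change, and the sample events themselves are assumptions, not observations from the advisory.

```python
"""
Added example (not from the CISA advisory): match process-creation log lines
against the "Known IOCs - Logged Processes" and file names in Table 2.

Assumed input format: one event per line as "Field=value, Field=value" with at
least Image= and CommandLine= fields. Adapt parse_event() to your SIEM's schema.
"""
import re
from typing import Dict, List, Tuple

# (rule name, ATT&CK ID as mapped in the advisory, regex over Image/CommandLine)
RULES: List[Tuple[str, str, re.Pattern]] = [
    ("event log cleared with wevtutil", "T1070",
     re.compile(r"\bwevtutil(?:\.exe)?\s+cl\s+(?:system|security|application)\b", re.I)),
    ("shadow copies deleted with vssadmin", "T1490",
     re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow copies deleted with wmic", "T1490",
     re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("boot recovery disabled with bcdedit", "T1490",
     re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+"
                r"(?:bootstatuspolicy\s+ignoreallfailures|recoveryenabled\s+no)\b", re.I)),
    # Table 2 file names. The advisory does not say how the encryptor is
    # launched, so this rule matches the names only.
    ("Hive encryptor or batch file name", "T1486",
     re.compile(r"\b(?:hive\.bat|shadow\.bat|windows_x(?:64|32)_encrypt\.(?:dll|exe)"
                r"|linux_encrypt|esxi_encrypt)\b", re.I)),
    # Assumption: Defender tampering (T1112) shows up as a reg.exe write of the
    # two values the advisory names; API-based writes need a registry-event rule.
    ("Defender disabled via registry", "T1112",
     re.compile(r"\breg(?:\.exe)?\s+add\b.*/v\s+(?:DisableAntiSpyware|DisableAntiVirus)\b"
                r".*/d\s+1\b", re.I)),
]

FIELD = re.compile(r"(\w+)=(.*?)(?=,\s*\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split 'Image=..., CommandLine=...' into a dict; the last value runs to end of line."""
    return {k: v.strip() for k, v in FIELD.findall(line)}


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per (line, rule) pair whose Image or CommandLine matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        cmd, image = ev.get("CommandLine", ""), ev.get("Image", "")
        for name, tid, rx in RULES:
            if rx.search(cmd) or rx.search(image):
                hits.append({"line": n, "rule": name, "technique": tid,
                             "user": ev.get("User", "?"), "cmd": cmd})
    return hits


def by_user(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count hits per account; several of these from one account is the signal."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["user"]] = counts.get(h["user"], 0) + 1
    return counts


# Constructed sample events (not real telemetry). Line 8 is a benign
# "vssadmin list shadows" that must not fire.
SAMPLE_LOG = [
    r"UtcTime=2022-11-10 14:01:58, Image=C:\Windows\System32\svchost.exe, CommandLine=svchost.exe -k netsvcs, User=NT AUTHORITY\SYSTEM",
    r"UtcTime=2022-11-10 14:02:11, Image=C:\Windows\System32\wevtutil.exe, CommandLine=wevtutil.exe cl security, User=CORP\svc_backup",
    r"UtcTime=2022-11-10 14:02:12, Image=C:\Windows\System32\vssadmin.exe, CommandLine=vssadmin.exe delete shadows /all /quiet, User=CORP\svc_backup",
    r"UtcTime=2022-11-10 14:02:13, Image=C:\Windows\System32\wbem\WMIC.exe, CommandLine=wmic.exe shadowcopy delete, User=CORP\svc_backup",
    r"UtcTime=2022-11-10 14:02:14, Image=C:\Windows\System32\bcdedit.exe, CommandLine=bcdedit.exe /set {default} recoveryenabled no, User=CORP\svc_backup",
    r"UtcTime=2022-11-10 14:02:15, Image=C:\Windows\System32\reg.exe, CommandLine=reg.exe add HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableAntiSpyware /t REG_DWORD /d 1 /f, User=CORP\svc_backup",
    r"UtcTime=2022-11-10 14:02:20, Image=C:\Users\Public\Windows_x64_encrypt.exe, CommandLine=Windows_x64_encrypt.exe, User=CORP\svc_backup",
    r"UtcTime=2022-11-10 14:03:00, Image=C:\Windows\System32\vssadmin.exe, CommandLine=vssadmin.exe list shadows, User=CORP\itadmin",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: {h['technique']} {h['rule']} [{h['user']}] {h['cmd']}")
    print(by_user(found))
```

Run it directly to print the hits. In a SIEM the same rules are worth correlating by account and time window: an event-log clear, a shadow-copy deletion and a bcdedit recovery change from one principal within minutes is the pre-encryption sequence the advisory describes, and it deserves an immediate response rather than a ticket.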

 

Table 3: Potential IOC IP Addresses as of November 2022

Note: Some of these observed IP addresses are more than a year old. FBI and CISA recommend vetting or investigating these IP addresses prior to taking forward-looking action like blocking.

Potential IOC IP Addresses for Compromise or Exfil:

84.32.188[.]57

84.32.188[.]238

93.115.26[.]251

185.8.105[.]67

181.231.81[.]239

185.8.105[.]112

186.111.136[.]37

192.53.123[.]202

158.69.36[.]149

46.166.161[.]123

108.62.118[.]190

46.166.161[.]93

185.247.71[.]106

46.166.162[.]125

5.61.37[.]207

46.166.162[.]96

185.8.105[.]103

46.166.169[.]34

5.199.162[.]220

93.115.25[.]139

5.199.162[.]229

93.115.27[.]148

89.147.109[.]208

83.97.20[.]81


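The indicators in Tables 1 to 3 are defanged with "[.]" so they cannot be followed by accident, and lists copied out of an advisory tend to arrive with repeats, stray punctuation and HTML residue. The following is an added example, not part of the advisory, that refangs, classifies, de-duplicates and sorts such a list into something a firewall or SIEM watchlist can consume. The "(.)" and "hxxp" variants are assumptions added so the routine also copes with other vendors' reports, and PAGE_SNIPPET is a constructed input written in the page's notation. As the note on Table 3 says, vet the addresses before blocking: the script produces a candidate list, not a decision.

```python
"""
Added example (not part of the advisory): normalise defanged indicators such as
those in Tables 1-3 into clean, de-duplicated, sorted values and keep any
trailing commentary as context.
"""
import ipaddress
import re
from typing import Dict, List

# "[.]" is the defanging used on this page; "(.)" and "hxxp" are assumed
# variants so the same routine handles other vendors' reports.
DEFANG = [("[.]", "."), ("(.)", "."), ("hxxp", "http")]
HTML_RESIDUE = re.compile(r"<?/?span>?", re.I)


def refang(token: str) -> str:
    """Strip HTML residue and trailing punctuation, then undo defanging."""
    t = HTML_RESIDUE.sub("", token.strip()).rstrip(";,.")
    for bad, good in DEFANG:
        t = t.replace(bad, good)
    return t


def classify(value: str) -> str:
    """Bucket a refanged value as ip, url, domain or unknown."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.match(r"^https?://", value, re.I):
        return "url"
    if re.match(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$", value, re.I):
        return "domain"
    return "unknown"


def normalise(raw_lines: List[str]) -> Dict[str, object]:
    """Parse pasted indicator lines; the first token is the indicator, the rest is context."""
    buckets: Dict[str, set] = {"ip": set(), "url": set(), "domain": set(), "unknown": set()}
    context: Dict[str, str] = {}
    for line in raw_lines:
        parts = line.split()
        if not parts:
            continue
        value = refang(parts[0])
        kind = classify(value)
        if kind != "unknown":
            value = value.lower()
        buckets[kind].add(value)
        note = " ".join(parts[1:]).lstrip("–- ")
        if note:
            context[value] = note
    ordered: Dict[str, object] = {
        k: sorted(v, key=ipaddress.ip_address if k == "ip" else str)
        for k, v in buckets.items()
    }
    ordered["context"] = context
    return ordered


# Constructed snippet in the page's notation, with deliberate repeats and the
# ";" / "/span>" residue a copy-paste from an advisory table picks up.
PAGE_SNIPPET = [
    "https://anonfiles[.]com",
    "https://send.exploit[.]in",
    "asq.r77vh0[.]pw – Server hosted malicious HTA file",
    "asq.d6shiiwz[.]pw Server referenced in malicious regsvr32 execution",
    "84.32.188[.]57",
    "84.32.188[.]238",
    "5.199.162[.]229;",
    "158.69.36[.]149/span>",
    "",
    "84.32.188[.]57",
    "5.199.162[.]229",
    "158.69.36[.]149",
]

if __name__ == "__main__":
    result = normalise(PAGE_SNIPPET)
    for kind in ("ip", "domain", "url", "unknown"):
        for v in result[kind]:
            print(kind, v, "#", result["context"].get(v, ""))
```

The context map is the part worth keeping when the list goes into a blocklist: six months on, "asq.r77vh0.pw" on its own says nothing, while "Server hosted malicious HTA file" plus the advisory identifier tells the analyst why it was added and when it can be retired.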
MITRE ATT&CK TECHNIQUES

See table 4 for all referenced threat actor tactics and techniques listed in this advisory.

Table 4: Hive Actors ATT&CK Techniques for Enterprise

Initial Access

Technique Title

ID

Use

External Remote Services

T1133

Hive actors gain access to victim networks by using single factor logins via RDP, VPN, and other remote network connection protocols.

Exploit Public-Facing Application

T1190

Hive actors gain access to victim network by exploiting the following Microsoft Exchange vulnerabilities: CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2021-42321.

Phishing

T1566.001

Hive actors gain access to victim networks by distributing phishing emails with malicious attachments.

Execution

Technique Title

ID

Use

Command and Scripting Interpreter

T1059

Hive actors looks to stop the volume shadow copy services and remove all existing shadow copies via vssadmin on command line or PowerShell.

Defense Evasion

Technique Title

ID

Use

Indicator Removal on Host

T1070

Hive actors delete Windows event logs, specifically, the System, Security and Application logs.

Modify Registry

T1112

Hive actors set registry values for DisableAntiSpyware and DisableAntiVirus to 1.

Impair Defenses

T1562

Hive actors seek processes related to backups, antivirus/anti-spyware, and file copying and terminates those processes to facilitate file encryption.

Exfiltration

Technique Title

ID

Use

Transfer Data to Cloud Account

T1537

Hive actors exfiltrate data from victims, using a possible combination of Rclone and the cloud storage service Mega.nz.

Impact

Technique Title

ID

Use

Data Encrypted for Impact

T1486

Hive actors deploy a ransom note HOW_TO_DECRYPT.txt into each affected directory which states the *.key file cannot be modified, renamed, or deleted, otherwise the encrypted files cannot be recovered.

Inhibit System Recovery

T1490

Hive actors look to stop the Volume Shadow Copy service and remove all existing shadow copies via vssadmin on the command line or in PowerShell.

Mitigations

FBI, CISA, and HHS recommend organizations, particularly in the HPH sector, implement the following to limit potential adversarial use of common system and network discovery techniques and to reduce the risk of compromise by Hive ransomware:

  • Verify Hive actors no longer have access to the network.
  • Install updates for operating systems, software, and firmware as soon as they are released. Prioritize patching VPN servers, remote access software, virtual machine software, and known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.
  • Require phishing-resistant MFA for as many services as possible—particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups.
  • If used, secure and monitor RDP.
    • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure.
    • After assessing risks, if you deem RDP operationally necessary, restrict the originating sources and require MFA to mitigate credential theft and reuse.
    • If RDP must be available externally, use a VPN, virtual desktop infrastructure, or other means to authenticate and secure the connection before allowing RDP to connect to internal devices.
    • Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts to block brute force campaigns, log RDP login attempts, and disable unused remote access/RDP ports.
    • Be sure to properly configure devices and enable security features.
    • Disable ports and protocols not used for business purposes, such as RDP Port 3389/TCP.
  • Maintain offline backups of data, and regularly test backup and restoration. This practice ensures the organization will not be severely interrupted or left with irretrievable data.
  • Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure. Ensure your backup data is not already infected.
  • Monitor cyber threat reporting regarding the publication of compromised VPN login credentials and change passwords/settings if applicable.
  • Install and regularly update anti-virus or anti-malware software on all hosts.
  • Enable PowerShell Logging including module logging, script block logging and transcription.
  • Install an enhanced monitoring tool such as Sysmon from Microsoft for increased logging.
  • Review the following additional resources.
    • The joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity provides additional guidance when hunting or investigating a network and common mistakes to avoid in incident handling.
    • The Cybersecurity and Infrastructure Security Agency-Multi-State Information Sharing & Analysis Center Joint Ransomware Guide covers additional best practices and ways to prevent, protect, and respond to a ransomware attack.
    • StopRansomware.gov is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.

If your organization is impacted by a ransomware incident, FBI, CISA, and HHS recommend the following actions.

  • Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected.
  • Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that share a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
  • Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.

In addition, FBI, CISA, and HHS urge all organizations to apply the following recommendations to prepare for, mitigate/prevent, and respond to ransomware incidents.

Preparing for Cyber Incidents

  • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
  • Implement allowlisting policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy.
  • Document and monitor external remote connections. Organizations should document approved solutions for remote management and maintenance, and immediately investigate if an unapproved solution is installed on a workstation.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud).

Identity and Access Management

  • Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to comply with National Institute of Standards and Technology (NIST) standards for developing and managing password policies.
    • Use longer passwords consisting of at least 8 characters and no more than 64 characters in length.
    • Store passwords in hashed format using industry-recognized password managers.
    • Add password user “salts” to shared login credentials.
    • Avoid reusing passwords.
    • Implement multiple failed login attempt account lockouts.
    • Disable password “hints.”
    • Refrain from requiring password changes more frequently than once per year unless a password is known or suspected to be compromised.
      Note: NIST guidance suggests favoring longer passwords instead of requiring regular and frequent password resets. Frequent password resets are more likely to result in users developing password “patterns” cyber criminals can easily decipher.
    • Require administrator credentials to install software.
  • Require phishing-resistant multifactor authentication for all services to the extent possible, particularly for webmail, virtual private networks, and accounts that access critical systems.
  • Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.
  • Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.
  • Implement time-based access for accounts set at the admin level and higher. For example, the Just-in-Time (JIT) access method provisions privileged access when needed and can support enforcement of the principle of least privilege (as well as the Zero Trust model). This is a process where a network-wide policy is set in place to automatically disable admin accounts at the Active Directory level when the account is not in direct need. Individual users may submit their requests through an automated process that grants them access to a specified system for a set timeframe when they need to support the completion of a certain task. 

Protective Controls and Architecture

  • Segment networks to prevent the spread of ransomware. Network segmentation can help prevent the spread of ransomware by controlling traffic flows between—and access to—various subnetworks and by restricting adversary lateral movement.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network. Endpoint detection and response (EDR) tools are particularly useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.
  • Install, regularly update, and enable real time detection for antivirus software on all hosts.

Vulnerability and Configuration Management

  • Consider adding an email banner to emails received from outside your organization.
  • Disable command-line and scripting activities and permissions. Privilege escalation and lateral movement often depend on software utilities running from the command line. If threat actors are not able to run these tools, they will have difficulty escalating privileges and/or moving laterally.
  • Ensure devices are properly configured and that security features are enabled.
  • Restrict Server Message Block (SMB) Protocol within the network to only access necessary servers and remove or disable outdated versions of SMB (i.e., SMB version 1). Threat actors use SMB to propagate malware across organizations.


INFORMATION REQUESTED

The FBI, CISA, and HHS do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. However, the FBI, CISA, and HHS understand that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. Regardless of whether you or your organization decide to pay the ransom, the FBI, CISA, and HHS urge you to promptly report ransomware incidents to your local FBI field office, or to CISA at report@cisa.gov or (888) 282-0870. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under US law, and prevent future attacks. 

The FBI may seek the following information that you determine you can legally share, including:

  • Recovered executable files
  • Live random access memory (RAM) capture
  • Images of infected systems
  • Malware samples
  • IP addresses identified as malicious or suspicious
  • Email addresses of the attackers
  • A copy of the ransom note
  • Ransom amount
  • Bitcoin wallets used by the attackers
  • Bitcoin wallets used to pay the ransom
  • Post-incident forensic reports

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. FBI, CISA, and HHS do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by FBI, CISA, or HHS.

 

Revisions

  • Initial Version: November 17, 2022

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

Cisco Releases Security Updates for Identity Services Engine

Original release date: November 16, 2022

Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page.   

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Original release date: November 16, 2022

Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in an unpatched VMware Horizon server.

The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining Software, on the mining software that the APT actors used against the compromised FCEB network. The CSA also provides tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from the incident response as well as recommended mitigations.

CISA and FBI strongly recommend organizations apply the recommended mitigations and defensive measures, which include:

  • Updating affected VMware Horizon and unified access gateway (UAG) systems to the latest version.
  • Minimizing your organization’s internet-facing attack surface.
  • Exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in the CSA.
  • Testing your organization’s existing security controls against the ATT&CK techniques described in the CSA. 

For additional information on malicious Iranian government-sponsored cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

AA22-320A: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Original release date: November 16, 2022

Summary

From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence. CISA and the Federal Bureau of Investigation (FBI) assess that the FCEB network was compromised by Iranian government-sponsored APT actors.

CISA and FBI are releasing this Cybersecurity Advisory (CSA) providing the suspected Iranian government-sponsored actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help network defenders detect and protect against related compromises.

CISA and FBI encourage all organizations with affected VMware systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities. If suspected initial access or compromise is detected based on IOCs or TTPs described in this CSA, CISA and FBI encourage organizations to assume lateral movement by threat actors, investigate connected systems (including the DC), and audit privileged accounts. All organizations, regardless of identified evidence of compromise, should apply the recommendations in the Mitigations section of this CSA to protect against similar malicious cyber activity.

For more information on Iranian government-sponsored malicious cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage.

Download the PDF version of this report: pdf, 528 kb.

For a downloadable copy of the Malware Analysis Report (MAR) accompanying this report, see: MAR 10387061-1.v1.

Technical Details

Note: This advisory uses the MITRE ATT&CK for Enterprise framework, version 11. See the MITRE ATT&CK Tactics and Techniques section for a table of the threat actors’ activity mapped to MITRE ATT&CK® tactics and techniques with corresponding mitigation and/or detection recommendations.

Overview

In April 2022, CISA conducted retrospective analysis using EINSTEIN—an FCEB-wide intrusion detection system (IDS) operated and monitored by CISA—and identified suspected APT activity on an FCEB organization’s network. CISA observed bi-directional traffic between the network and a known malicious IP address associated with exploitation of the Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon servers. In coordination with the FCEB organization, CISA initiated threat hunting incident response activities; however, prior to deploying an incident response team, CISA observed additional suspected APT activity. Specifically, CISA observed HTTPS activity from IP address 51.89.181[.]64 to the organization’s VMware server. Based on trusted third-party reporting, 51.89.181[.]64 is a Lightweight Directory Access Protocol (LDAP) server associated with threat actors exploiting Log4Shell. Following HTTPS activity, CISA observed a suspected LDAP callback on port 443 to this IP address. CISA also observed a DNS query for us-nation-ny[.]cf that resolved back to 51.89.181[.]64 when the victim server was returning this Log4Shell LDAP callback to the actors’ server.

CISA assessed that this traffic indicated a confirmed compromise based on the successful callback to the indicator and informed the organization of these findings; the organization investigated the activity and found signs of compromise. As trusted third-party reporting associated Log4Shell activity from 51.89.181[.]64 with lateral movement and targeting of DCs, CISA suspected the threat actors had moved laterally and compromised the organization’s DC.

From mid-June through mid-July 2022, CISA conducted an onsite incident response engagement and determined that the organization was compromised as early as February 2022, by likely Iranian government-sponsored APT actors who installed XMRig crypto mining software. The threat actors also moved laterally to the domain controller, compromised credentials, and implanted Ngrok reverse proxies.

Threat Actor Activity

In February 2022, the threat actors exploited Log4Shell [T1190] for initial access [TA0001] to the organization’s unpatched VMware Horizon server. As part of their initial exploitation, CISA observed a connection to known malicious IP address 182.54.217[.]2 lasting 17.6 seconds.

The actors’ exploit payload ran the following PowerShell command [T1059.001], which added an exclusion to Windows Defender [T1562.001]:

powershell try{Add-MpPreference -ExclusionPath 'C:\'; Write-Host 'added-exclusion'} catch {Write-Host 'adding-exclusion-failed' }; powershell -enc "$BASE64 encoded payload to download next stage and execute it"

The exclusion allowlisted the entire C:\ drive, enabling the threat actors to download tools to it without virus scans. The exploit payload then downloaded mdeploy.text from 182.54.217[.]2/mdepoy.txt to C:\users\public\mde.ps1 [T1105]. When executed, mde.ps1 downloaded file.zip from 182.54.217[.]2 and removed mde.ps1 from the disk [T1070.004].

file.zip contained XMRig cryptocurrency mining software and associated configuration files.

  • WinRing0x64.sys – XMRig Miner driver
  • wuacltservice.exe – XMRig Miner
  • config.json – XMRig miner configuration
  • RuntimeBroker.exe – Associated file. This file can create a local user account [T1136.001] and tests for internet connectivity by pinging 8.8.8.8 [T1016.001]. The exploit payload created a Scheduled Task [T1053.005] that executed RuntimeBroker.exe daily as SYSTEM. Note: By exploiting Log4Shell, the actors gained access to a VMware service account with administrator and system level access. The Scheduled Task was named RuntimeBrokerService.exe to masquerade as a legitimate Windows task.

See MAR 10387061-1.v1 for additional information, including IOCs, on these four files.

After obtaining initial access and installing XMRig on the VMware Horizon server, the actors used RDP [T1021.001] and the built-in Windows user account DefaultAccount [T1078.001] to move laterally [TA0008] to a VMware VDI-KMS host. Once the threat actors had established themselves on the VDI-KMS host, CISA observed them download around 30 megabytes of files from a transfer[.]sh server associated with 144.76.136[.]153. The actors downloaded the following tools:

  • PsExec – a Microsoft signed tool for system administrators.
  • Mimikatz – a credential theft tool.
  • Ngrok – a reverse proxy tool for proxying an internal service out onto an Ngrok domain, which the user can then access at a randomly generated subdomain at *.ngrok[.]io. CISA has observed this tool in use by some commercial products for benign purposes; however, this process bypasses typical firewall controls and may be a potentially unwanted application in production environments. Ngrok is known to be used for malicious purposes.[1]

The threat actors then executed Mimikatz on VDI-KMS to harvest credentials and created a rogue domain administrator account [T1136.002]. Using the newly created account, the actors leveraged RDP to propagate to several hosts within the network. Upon logging into each host, the actors manually disabled Windows Defender via the Graphical User Interface (GUI) and implanted Ngrok executables and configuration files. The threat actors were able to implant Ngrok on multiple hosts to ensure Ngrok’s persistence should they lose access to a machine during a routine reboot. The actors were able to proxy [T1090] RDP sessions, which were only observable on the local network as outgoing HTTPS port 443 connections to tunnel.us.ngrok[.]com and korgn.su.lennut[.]com (the prior domain in reverse). It is possible, but was not observed, that the threat actors configured a custom domain, or used other Ngrok tunnel domains, wildcarded here as *.ngrok[.]com, *.ngrok[.]io, ngrok.*.tunnel[.]com, or korgn.*.lennut[.]com.

Once the threat actors had established a deep foothold in the network and moved laterally to the domain controller, they executed the following PowerShell command against Active Directory to obtain a list of all machines joined to the domain [T1018]:

Powershell.exe get-adcomputer -filter * -properties * | select name,operatingsystem,ipv4address >

The threat actors also changed the password for the local administrator account [T1098] on several hosts as a backup should the rogue domain administrator account get detected and terminated. Additionally, the threat actor was observed attempting to dump the Local Security Authority Subsystem Service (LSASS) process [T1003.001] with task manager but this was stopped by additional anti-virus the FCEB organization had installed.
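
The behaviours in this section (a drive-wide Defender exclusion, an encoded PowerShell stage, Ngrok tunnel domains including one written backwards) and the Hive techniques in Table 4 above (vssadmin shadow-copy deletion, clearing of the System, Security and Application logs, DisableAntiSpyware/DisableAntiVirus set to 1) all leave traces in ordinary endpoint telemetry. The following Python is an added example, not CISA's or FBI's code: it runs simple hunt rules over a handful of constructed Sysmon-style events. The event fields (`kind`, `host`, `cmdline`, `key`, `value`, `data`, `query`) are a simplified schema assumed for the example, not Sysmon's; the Ngrok wildcards are taken from the text above, and the reversed-hostname check generalizes the single korgn.su.lennut[.]com case the advisory observed to any reversed Ngrok endpoint.

```python
"""Hunt rules for the TTPs in this advisory and in the Hive advisory's Table 4.

Added example, not CISA or FBI code. Events are constructed, Sysmon-like records
with simplified field names; adapt the accessors to your own telemetry schema.
"""
import fnmatch
import re
from typing import Callable, Dict, List, Tuple

# Ngrok endpoints as wildcarded in the advisory (tunnel.us.ngrok.com is the one actually observed).
NGROK_PATTERNS = ("*.ngrok.com", "*.ngrok.io", "ngrok.*.tunnel.com", "korgn.*.lennut.com")
# Policy key whose DisableAntiSpyware / DisableAntiVirus values Hive actors set to 1.
DEFENDER_POLICY_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"

Event = Dict[str, str]


def unreverse_hostname(name: str) -> str:
    """korgn.su.lennut.com is tunnel.us.ngrok.com with everything left of the TLD written backwards."""
    head, _, tld = name.rpartition(".")
    return f"{head[::-1]}.{tld}" if head else name


def check_process(ev: Event) -> List[str]:
    """Command-line rules: Defender tampering, encoded PowerShell, shadow-copy and event-log deletion."""
    low = ev.get("cmdline", "").lower()
    findings: List[str] = []
    # T1562.001: Add-MpPreference -ExclusionPath pointing at a bare drive root ('C:\' or 'C:').
    m = re.search(r"add-mppreference\s+-exclusionpath\s+['\"]?([a-z]:\\?)['\"]?(?:\s|;|$)", low)
    if m:
        findings.append(f"T1562.001 Defender exclusion covers whole drive {m.group(1).upper()}")
    # T1059.001: -ec / -enc / -EncodedCommand (PowerShell accepts these prefixes of -EncodedCommand).
    if "powershell" in low and re.search(r"\s-e(?:c|nc|ncodedcommand)\s", low):
        findings.append("T1059.001 encoded PowerShell payload")
    # T1490: the two common ways to destroy Volume Shadow Copies from a shell.
    if "vssadmin" in low and "delete shadows" in low:
        findings.append("T1490 shadow copies deleted via vssadmin")
    if re.search(r"\bwmic\b.*shadowcopy.*delete", low):
        findings.append("T1490 shadow copies deleted via wmic")
    # T1070: wevtutil cl <log> (Hive clears System, Security and Application).
    m = re.search(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\s+(\w+)", low)
    if m:
        findings.append(f"T1070 {m.group(1).capitalize()} event log cleared")
    return findings


def check_registry(ev: Event) -> List[str]:
    """T1112: Defender disabled through the policy key (data is the DWORD rendered as a decimal string)."""
    if (ev.get("key", "").lower() == DEFENDER_POLICY_KEY.lower()
            and ev.get("value") in ("DisableAntiSpyware", "DisableAntiVirus")
            and ev.get("data") == "1"):
        return [f"T1112 {ev['value']} set to 1 under the Windows Defender policy key"]
    return []


def check_dns(ev: Event) -> List[str]:
    """T1090: query matches an Ngrok wildcard directly or once the reversed hostname is undone."""
    q = ev.get("query", "").lower().rstrip(".")
    for cand in (q, unreverse_hostname(q)):
        if any(fnmatch.fnmatchcase(cand, p) for p in NGROK_PATTERNS):
            note = "" if cand == q else " (hostname reversed)"
            return [f"T1090 Ngrok tunnel endpoint {q}{note}"]
    return []


CHECKS: Dict[str, Callable[[Event], List[str]]] = {
    "process": check_process, "registry": check_registry, "dns": check_dns}


def hunt(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (host, finding) pairs in event order; unknown event kinds are ignored."""
    out: List[Tuple[str, str]] = []
    for ev in events:
        for msg in CHECKS.get(ev.get("kind", ""), lambda _e: [])(ev):
            out.append((ev.get("host", "?"), msg))
    return out


# Constructed events; the first command line is the one quoted in this advisory, the rest are Hive-style.
SAMPLE_EVENTS: List[Event] = [
    {"kind": "process", "host": "horizon01", "cmdline":
        "powershell try{Add-MpPreference -ExclusionPath 'C:\\'; Write-Host 'added-exclusion'} "
        "catch {Write-Host 'adding-exclusion-failed' }; powershell -enc \"$BASE64 encoded payload\""},
    {"kind": "process", "host": "fs01", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"kind": "process", "host": "fs01", "cmdline": "wevtutil.exe cl Security"},
    {"kind": "registry", "host": "fs01", "key": DEFENDER_POLICY_KEY, "value": "DisableAntiSpyware", "data": "1"},
    {"kind": "dns", "host": "ws-017", "query": "korgn.su.lennut.com"},
    {"kind": "process", "host": "ws-017", "cmdline": "powershell.exe Get-Process | Out-File C:\\temp\\p.txt"},
    {"kind": "dns", "host": "ws-017", "query": "login.microsoftonline.com"},
]

if __name__ == "__main__":
    for host, msg in hunt(SAMPLE_EVENTS):
        print(f"{host}: {msg}")
```

The exclusion rule deliberately fires only on a bare drive root: an exclusion for a single tools directory is routine administration, while excluding all of C:\ is the step that let the actors stage XMRig, Mimikatz and Ngrok unscanned. The two benign events at the end are there to show the rules stay quiet on ordinary PowerShell and DNS activity.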

MITRE ATT&CK TACTICS AND TECHNIQUES

See table 1 for all referenced threat actor tactics and techniques in this advisory, as well as corresponding detection and/or mitigation recommendations. For additional mitigations, see the Mitigations section.

Table 1: Cyber Threat Actors ATT&CK Techniques for Enterprise

Initial Access

Technique Title

ID

Use

Recommendations

Exploit Public-Facing Application

T1190

The actors exploited Log4Shell for initial access to the organization’s VMware Horizon server.

Mitigation/Detection: Use a firewall or web-application firewall and enable logging to prevent and detect potential Log4Shell exploitation attempts [M1050].

Mitigation: Perform regular vulnerability scanning to detect Log4J vulnerabilities and update Log4J software using vendor provided patches [M1016],[M1051].

Execution

Technique Title

ID

Use

Recommendation

Command and Scripting Interpreter: PowerShell

T1059.001

The actors ran PowerShell commands that added an exclusion to Windows Defender.

The actors executed PowerShell on the AD to obtain a list of machines on the domain.

Mitigation: Disable or remove PowerShell for non-administrative users [M1042],[M1026] or enable code-signing to execute only signed scripts [M1045].

Mitigation: Employ anti-malware to automatically detect and quarantine malicious scripts [M1049].

Persistence

Technique Title

ID

Use

Recommendations

Account Manipulation

T1098

The actors changed the password for the local administrator account on several hosts.

Mitigation: Use multifactor authentication for user and privileged accounts [M1032].

Detection: Monitor events for changes to account objects and/or permissions on systems and the domain, such as event IDs 4738, 4728, and 4670. Monitor for modification of accounts in correlation with other suspicious activity [DS0002].

Create Account: Local Account

T1136.001

The actors’ malware can create local user accounts.

Mitigation: Configure access controls and firewalls to limit access to domain controllers and systems used to create and manage accounts.

Detection: Monitor executed commands and arguments for actions that are associated with local account creation, such as net user /add , useradd, and dscl -create [DS0017].

Detection: Enable logging for new user creation [DS0002].

Create Account: Domain Account

T1136.002

The actors used Mimikatz to create a rogue domain administrator account.

Mitigation: Configure access controls and firewalls to limit access to domain controllers and systems used to create and manage accounts.

Detection: Enable logging for new user creation, especially domain administrator accounts [DS0002].

Scheduled Task/Job: Scheduled Task

T1053.005

The actors’ exploit payload created Scheduled Task RuntimeBrokerService.exe, which executed RuntimeBroker.exe daily as SYSTEM.

Mitigation: Configure settings for scheduled tasks to force tasks to run under the context of the authenticated account instead of allowing them to run as SYSTEM [M1028].

Detection: Monitor for newly constructed processes and/or command-lines that execute from the svchost.exe in Windows 10 and the Windows Task Scheduler taskeng.exe for older versions of Windows [DS0009]

Detection: Monitor for newly constructed scheduled jobs by enabling the Microsoft-Windows-TaskScheduler/Operational setting within the event logging service [DS0003].

Valid Accounts: Default Accounts

T1078.001

The actors used built-in Windows user account DefaultAccount.

Mitigation: Change default usernames and passwords immediately after the installation and before deployment to a production environment [M1027].

Detection: Develop rules to monitor logon behavior across default accounts that have been activated or logged into [DS0028].

Defense Evasion

Technique Title

ID

Use

Recommendations

Impair Defenses: Disable or Modify Tools


T1562.001

The actors added an exclusion to Windows Defender that allowlisted the entire C:\ drive, enabling them to bypass virus scans for the tools they downloaded to that drive.

The actors manually disabled Windows Defender via the GUI.

Mitigation: Ensure proper user permissions are in place to prevent adversaries from disabling or interfering with security services [M1018].

Detection: Monitor for changes made to Windows Registry keys and/or values related to services and startup programs that correspond to security tools such as HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender [DS0024].

Detection: Monitor for telemetry that provides context for modification or deletion of information related to security software processes or services such as Windows Defender definition files in Windows and System log files in Linux [DS0013].

Detection: Monitor processes for unexpected termination related to security tools/services [DS0009].

Indicator Removal on Host: File Deletion

T1070.004

The actors removed the malicious file mde.ps1 from the disk.

Detection: Monitor executed commands and arguments for actions that could be utilized to unlink, rename, or delete files [DS0017].

Detection: Monitor for unexpected deletion of files from the system [DS0022].

Credential Access

Technique Title

ID

Use

Recommendations

OS Credential Dumping: LSASS Memory

T1003.001

The actors were observed trying to dump LSASS process.

Mitigation: With Windows 10, Microsoft implemented new protections called Credential Guard to protect the LSA secrets that can be used to obtain credentials through forms of credential dumping [M1043].

Mitigation: On Windows 10, enable Attack Surface Reduction (ASR) rules to secure LSASS and prevent credential stealing [M1040].

Mitigation: Ensure that local administrator accounts have complex, unique passwords across all systems on the network [M1027].

Detection: Monitor for unexpected processes interacting with LSASS.exe. Common credential dumpers such as Mimikatz access LSASS.exe by opening the process, locating the LSA secrets key, and decrypting the sections in memory where credential details are stored. [DS0009].

Detection: Monitor executed commands and arguments that may attempt to access credential material stored in the process memory of the LSASS [DS0017].

Credentials from Password Stores

T1555

The actors used Mimikatz to harvest credentials.

Mitigation: Organizations may consider weighing the risk of storing credentials in password stores and web browsers. If system, software, or web browser credential disclosure is a significant concern, technical controls, policy, and user training may be used to prevent storage of credentials in improper locations [M1027].

Detection: Monitor for processes being accessed that may search for common password storage locations to obtain user credentials [DS0009].

Detection: Monitor executed commands and arguments that may search for common password storage locations to obtain user credentials [DS0017].

Discovery

Technique Title

ID

Use

Recommendations

Remote System Discovery

T1018

The actors executed a PowerShell command on the AD to obtain a list of all machines attached to the domain.

Detection: Monitor executed commands and arguments that may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for lateral movement [DS0017].

Detection: Monitor for newly constructed network connections associated with pings/scans that may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for lateral movement [DS0029].

Detection: Monitor for newly executed processes that can be used to discover remote systems, such as ping.exe and tracert.exe, especially when executed in quick succession [DS0009].

System Network Configuration Discovery: Internet Connection Discovery

T1016.001

The actors’ malware tests for internet connectivity by pinging 8.8.8.8.

Detection: Monitor executed commands and arguments [DS0017] and executed processes (e.g., tracert or ping) [DS0009] that may check for internet connectivity on compromised systems.

Lateral Movement

Technique Title

ID

Use

Recommendations

Remote Services: Remote Desktop Protocol

T1021.001

The actors used RDP to move laterally to multiple hosts on the network.

Mitigation: Use MFA for remote logins [M1032].

Mitigation: Disable the RDP service if it is unnecessary [M1042].

Mitigation: Do not leave RDP accessible from the internet. Enable firewall rules to block RDP traffic between network security zones within a network [M1030].

Mitigation: Consider removing the local Administrators group from the list of groups allowed to log in through RDP [M1026].

Detection: Monitor for user accounts logged into systems associated with RDP (ex: Windows EID 4624 Logon Type 10). Other factors, such as access patterns (ex: multiple systems over a relatively short period of time) and activity that occurs after a remote login, may indicate suspicious or malicious behavior with RDP [DS0028].

Command and Control

Technique Title

ID

Use

Recommendations

Proxy

T1090

The actors used Ngrok to proxy RDP connections and to perform command and control.

Mitigation: Traffic to known anonymity networks and C2 infrastructure can be blocked through the use of network allow and block lists [M1037].

Detection: Monitor and analyze traffic patterns and packet inspection associated with protocols that do not follow the expected protocol standards and traffic flows (e.g., extraneous packets that do not belong to established flows, gratuitous or anomalous traffic patterns, or anomalous syntax or structure) [DS0029].

Ingress Tool Transfer

T1105

The actors downloaded malware and multiple tools to the network, including PsExec, Mimikatz, and Ngrok.

Mitigation: Employ anti-malware to automatically detect and quarantine malicious scripts [M1049].

INCIDENT RESPONSE

If suspected initial access or compromise is detected based on IOCs or TTPs in this CSA, CISA encourages organizations to assume lateral movement by threat actors and investigate connected systems and the DC.

CISA recommends organizations apply the following steps before applying any mitigations, including patching.

  1. Immediately isolate affected systems.
  2. Collect and review relevant logs, data, and artifacts. Take a memory capture of the device(s) and a forensic image capture for detailed analysis.
  3. Consider soliciting support from a third-party incident response organization that can provide subject matter expertise to ensure the actor is eradicated from the network and to avoid residual issues that could enable follow-on exploitation.
  4. Report incidents to CISA via CISA’s 24/7 Operations Center (report@cisa.gov or 888-282-0870) or your local FBI field office, or FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at CyWatch@fbi.gov.

Mitigations

CISA and FBI recommend implementing the mitigations below and in Table 1 to improve your organization’s cybersecurity posture on the basis of threat actor behaviors.

  • Install updated builds to ensure affected VMware Horizon and UAG systems are updated to the latest version.
    • If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat those VMware Horizon systems as compromised. Follow the pro-active incident response procedures outlined above prior to applying updates. If no compromise is detected, apply these updates as soon as possible.
      • See VMware Security Advisory VMSA-2021-0028.13 and VMware Knowledge Base (KB) 87073 to determine which VMware Horizon components are vulnerable.
      • Note: Until the update is fully implemented, consider removing vulnerable components from the internet to limit the scope of traffic. While installing the updates, ensure network perimeter access controls are as restrictive as possible.
      • If upgrading is not immediately feasible, see KB87073 and KB87092 for vendor-provided temporary workarounds. Implement temporary solutions using an account with administrative privileges. Note that these temporary solutions should not be treated as permanent fixes; vulnerable components should be upgraded to the latest build as soon as possible.
      • Prior to implementing any temporary solution, ensure appropriate backups have been completed.
      • Verify successful implementation of mitigations by executing the vendor supplied script Horizon_Windows_Log4j_Mitigations.zip without parameters to ensure that no vulnerabilities remain. See KB87073 for details.
  • Keep all software up to date and prioritize patching known exploited vulnerabilities (KEVs).
  • Minimize the internet-facing attack surface by hosting essential services on a segregated DMZ, ensuring strict network perimeter access controls, and not hosting internet-facing services that are not essential to business operations. Where possible, implement regularly updated web application firewalls (WAF) in front of public-facing services. WAFs can protect against web-based exploitation using signatures and heuristics that are likely to block or alert on malicious traffic.
  • Use best practices for identity and access management (IAM) by implementing phishing resistant multifactor authentication (MFA), enforcing use of strong passwords, regularly auditing administrator accounts and permissions, and limiting user access through the principle of least privilege. Disable inactive accounts uniformly across the AD, MFA systems, etc.
    • If using Windows 10 version 1607 or Windows Server 2016 or later, monitor or disable Windows DefaultAccount, also known as the Default System Managed Account (DSMA).
  • Audit domain controllers to log successful Kerberos Ticket Granting Service (TGS) requests and ensure the events are monitored for anomalous activity.
  • Secure accounts.
    • Enforce the principle of least privilege. Administrator accounts should have the minimum permission necessary to complete their tasks.
    • Ensure there are unique and distinct administrative accounts for each set of administrative tasks.
    • Create non-privileged accounts for privileged users and ensure they use the non-privileged accounts for all non-privileged access (e.g., web browsing, email access).
  • Create a deny list of known compromised credentials and prevent users from using known-compromised passwords.
  • Secure credentials by restricting where accounts and credentials can be used and by using local device credential protection features.
    • Use virtualizing solutions on modern hardware and software to ensure credentials are securely stored.
    • Ensure storage of clear-text passwords in LSASS memory is disabled. Note: on Windows 8, this protection is enabled by default. For more information see Microsoft Security Advisory Update to Improve Credentials Protection and Management.
    • Consider disabling or limiting NTLM and WDigest Authentication.
    • Implement Credential Guard for Windows 10 and Server 2016 (refer to Microsoft: Manage Windows Defender Credential Guard for more information). For Windows Server 2012R2, enable Protected Process Light for Local Security Authority (LSA).
    • Minimize the AD attack surface to reduce malicious ticket-granting activity. Malicious activity such as “Kerberoasting” takes advantage of Kerberos’ TGS and can be used to obtain hashed credentials that threat actors attempt to crack.

VALIDATE SECURITY CONTROLS

In addition to applying mitigations, CISA and FBI recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. CISA and FBI recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

  1. Select an ATT&CK technique described in this advisory (see Table 1).
  2. Align your security technologies against the technique.
  3. Test your technologies against the technique.
  4. Analyze the performance of your detection and prevention technologies.
  5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
  6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

CISA and FBI recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

Revisions

  • Initial Version: November 16, 2022


Vulnerability Summary for the Week of November 7, 2022

Original release date: November 14, 2022 | Last revised: November 15, 2022


High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accusoft — imagegear An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2022-11-09 7.8 CVE-2022-32588
MISC
acronis — cyber_protect_home_office Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. 2022-11-07 7.8 CVE-2022-44732
MISC
acronis — cyber_protect_home_office Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. 2022-11-07 7.8 CVE-2022-44733
MISC
acronis — cyber_protect_home_office Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 7.8 CVE-2022-44747
MISC
acronis — cyber_protect_home_office Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 7.3 CVE-2022-44744
MISC
activity_log_project — activity_log CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. 2022-11-08 9.8 CVE-2022-27858
CONFIRM
CONFIRM
addify — role_based_pricing_for_woocommerce The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, and does not validate the path given via user input, allowing any authenticated user such as a subscriber to perform PHAR deserialization attacks when they can upload a file and a suitable gadget chain is present on the blog. 2022-11-07 8.8 CVE-2022-3536
CONFIRM
addify — role_based_pricing_for_woocommerce The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated user such as a subscriber to upload arbitrary files, such as PHP. 2022-11-07 8.8 CVE-2022-3537
CONFIRM
analytify — analytify_-_google_analytics_dashboard Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. 2022-11-08 8.8 CVE-2022-38137
CONFIRM
CONFIRM
apache — commons_bcel Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. 2022-11-07 9.8 CVE-2022-42920
MISC
MLIST
apache — ivy With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the “zip”, “jar” or “war” packaging, Ivy prior to 2.5.1 doesn’t verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse “upwards” using “..” sequences can then write files to any location on the local file system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1. 2022-11-07 9.1 CVE-2022-37865
CONFIRM
apache — ivy When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied “pattern” that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain “../” sequences – which are valid characters for Ivy coordinates in general – it is possible the artifacts are stored outside of Ivy’s local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing “..” sequences and a “normal” repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1. 2022-11-07 7.5 CVE-2022-37866
MISC
apache — pulsar The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow ‘issuer url’. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine ‘between’ the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions. 2022-11-04 8.1 CVE-2022-33684
MISC
arm — valhall_gpu_kernel_driver An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. 2022-11-08 8.8 CVE-2022-41757
MISC
azure — cyclecloud Azure CycleCloud Elevation of Privilege Vulnerability. 2022-11-09 7.5 CVE-2022-41085
MISC
azure — rtos_guix_studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41051
MISC
badgermeter — moni In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. 2022-11-07 7.5 CVE-2020-12509
MISC
bd — totalys_multiprocessor_firmware BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. 2022-11-04 7.8 CVE-2022-40263
CONFIRM
canteen_management_system_project — canteen_management_system Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. 2022-11-07 7.2 CVE-2022-43049
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-09 7.2 CVE-2022-43277
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. 2022-11-09 7.2 CVE-2022-43278
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. 2022-11-09 7.2 CVE-2022-43290
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. 2022-11-09 7.2 CVE-2022-43291
MISC
canteen_management_system_project — canteen_management_system Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. 2022-11-09 7.2 CVE-2022-43292
MISC
cisco — asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain API calls. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. 2022-11-04 8.8 CVE-2022-20868
MISC
cisco — broadworks_commpilot_application A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network. 2022-11-04 8.8 CVE-2022-20958
MISC
cisco — email_security_appliance A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated. 2022-11-04 7.5 CVE-2022-20960
MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx 2022-11-04 8.8 CVE-2022-20956
MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user. 2022-11-04 8.8 CVE-2022-20961
MISC
cisco — identity_services_engine A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. 2022-11-04 8.8 CVE-2022-20962
MISC
citrix — gateway Unauthorized access to Gateway user capabilities 2022-11-08 9.8 CVE-2022-27510
MISC
citrix — gateway User login brute force protection functionality bypass 2022-11-08 9.8 CVE-2022-27516
MISC
citrix — gateway Remote desktop takeover via phishing 2022-11-08 9.6 CVE-2022-27513
MISC
codection — import_and_export_users_and_customers The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. 2022-11-07 8 CVE-2022-3558
CONFIRM
CONFIRM
dedecms — dedecms DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. 2022-11-09 8.8 CVE-2022-43031
MISC
MISC
democritus — d8s-dates The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44052
MISC
MISC
MISC
democritus — d8s-networking The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44050
MISC
MISC
MISC
democritus — d8s-networking The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44053
MISC
MISC
MISC
democritus — d8s-python The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-43305
MISC
MISC
MISC
democritus — d8s-python The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44049
MISC
MISC
MISC
democritus — d8s-stats The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44051
MISC
MISC
MISC
democritus — d8s-strings The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-43303
MISC
MISC
MISC
democritus — d8s-timer The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-43304
MISC
MISC
MISC
democritus — d8s-timer The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. 2022-11-07 8.8 CVE-2022-43306
MISC
MISC
MISC
democritus — d8s-urls The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44048
MISC
MISC
MISC
democritus — d8s-xml The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. 2022-11-07 9.8 CVE-2022-44054
MISC
MISC
MISC
fastify — websocket @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions. 2022-11-08 7.5 CVE-2022-39386
CONFIRM
flowring — agentflow_bpm The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files and execute arbitrary code to manipulate the system or disrupt service. 2022-11-10 9.8 CVE-2022-39036
MISC
MISC
flowring — agentflow_bpm Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. 2022-11-10 7.5 CVE-2022-39037
MISC
MISC
fluentforms — contact_form The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection. 2022-11-07 9.8 CVE-2022-3463
CONFIRM
food_ordering_management_system_project — food_ordering_management_system Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. 2022-11-07 7.2 CVE-2022-42990
MISC
getshortcodes — shortcodes_ultimate Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin’s Shortcodes Ultimate plugin <= 5.12.0 on WordPress. 2022-11-08 8.8 CVE-2022-41136
CONFIRM
CONFIRM
gifdec_project — gifdec Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. 2022-11-07 7.8 CVE-2022-43359
MISC
gitlab — gitlab Lack of sandboxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user into clicking on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim’s account. 2022-11-10 9 CVE-2022-3726
MISC
CONFIRM
MISC
gitlab — gitlab Bypass of the healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab. 2022-11-09 7.5 CVE-2022-3285
CONFIRM
MISC
google — android In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-243825200 2022-11-08 7.8 CVE-2021-1050
MISC
google — android In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-246824784 2022-11-08 7.8 CVE-2021-39661
MISC
google — android In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-238605611 2022-11-08 7.8 CVE-2022-20441
MISC
google — android In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-210065877 2022-11-08 7.8 CVE-2022-20450
MISC
google — android In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-235098883 2022-11-08 7.8 CVE-2022-20451
MISC
google — android In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240138318 2022-11-08 7.8 CVE-2022-20452
MISC
google — android In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-230356196 2022-11-08 7.8 CVE-2022-20462
MISC
google — android In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132. 2022-11-08 7.8 CVE-2022-32601
MISC
google — android Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. 2022-11-09 7.8 CVE-2022-39880
MISC
google — android Heap overflow vulnerability in the sflacf_fal_bytes_peek function in the libsmat.so library prior to SMR Nov-2022 Release 1 allows a local attacker to execute arbitrary code. 2022-11-09 7.8 CVE-2022-39882
MISC
google — android Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows a local attacker to call a privileged API. 2022-11-09 7.8 CVE-2022-39883
MISC
google — android In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-225876506 2022-11-08 7.5 CVE-2022-20445
MISC
google — chrome Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 2022-11-09 9.6 CVE-2022-3890
MISC
MISC
google — chrome Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3445
MISC
MISC
google — chrome Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3446
MISC
MISC
google — chrome Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3448
MISC
MISC
google — chrome Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3449
MISC
MISC
google — chrome Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3450
MISC
MISC
google — chrome Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3885
MISC
MISC
google — chrome Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3886
MISC
MISC
google — chrome Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3887
MISC
MISC
google — chrome Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3888
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-11-09 8.8 CVE-2022-3889
MISC
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds. 2022-11-08 8.1 CVE-2022-39328
CONFIRM
hcltech — domino HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. 2022-11-04 8.8 CVE-2022-38660
MISC
html2xhtml_project — html2xhtml html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file. 2022-11-08 8.1 CVE-2022-44311
MISC
huawei — emui The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. 2022-11-09 9.8 CVE-2022-44562
MISC
MISC
huawei — emui Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. 2022-11-08 7.5 CVE-2022-44556
MISC
huawei — harmonyos The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback. 2022-11-09 9.8 CVE-2021-46851
MISC
MISC
huawei — harmonyos The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2022-11-09 7.5 CVE-2021-46852
MISC
MISC
huawei — harmonyos The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. 2022-11-09 7.5 CVE-2022-44546
MISC
MISC
huawei — harmonyos The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. 2022-11-09 7.5 CVE-2022-44547
MISC
MISC
huawei — harmonyos The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality. 2022-11-09 7.5 CVE-2022-44549
MISC
MISC
huawei — harmonyos The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability. 2022-11-09 7.5 CVE-2022-44550
MISC
MISC
human_resource_management_system_project — human_resource_management_system Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. 2022-11-07 8.8 CVE-2022-43318
MISC
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 8.8 CVE-2022-28689
MISC
CONFIRM
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 8.8 CVE-2022-30543
CONFIRM
MISC
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. 2022-11-09 8.1 CVE-2022-29888
MISC
CONFIRM
jhead_project — jhead jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. 2022-11-04 7.8 CVE-2021-34055
MISC
linux — linux_kernel The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2022-11-04 7.5 CVE-2022-43945
MISC
mahara — mahara Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. 2022-11-06 9.8 CVE-2022-44544
MISC
MISC
mahara — mahara In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. 2022-11-06 7.5 CVE-2022-42707
MISC
MISC
maxonerp — maxon A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. 2022-11-07 9.8 CVE-2022-3878
MISC
MISC
mediatek — lr12a In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. 2022-11-08 7.5 CVE-2022-26446
MISC
mendix — saml A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `’Allow Idp Initiated Authentication’` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration. 2022-11-08 9.8 CVE-2022-44457
MISC
microsoft — azure_iot_edge_for_linux Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. 2022-11-09 7 CVE-2022-38014
MISC
microsoft — azure_rtos_filex Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA. 2022-11-08 7.8 CVE-2022-39343
CONFIRM
MISC
microsoft — azure_rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states. 2022-11-04 9.8 CVE-2022-39344
CONFIRM
microsoft — dwm_core_library Microsoft DWM Core Library Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41096
MISC
microsoft — excel Microsoft Excel Security Feature Bypass Vulnerability. 2022-11-09 7.8 CVE-2022-41104
MISC
microsoft — excel Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41063. 2022-11-09 7.8 CVE-2022-41106
MISC
microsoft — exchange_server Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123. 2022-11-09 9.8 CVE-2022-41080
MISC
microsoft — exchange_server Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080. 2022-11-09 7.8 CVE-2022-41123
MISC
microsoft — exchange_server Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079. 2022-11-09 7.5 CVE-2022-41078
MISC
microsoft — exchange_server Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078. 2022-11-09 7.5 CVE-2022-41079
MISC
microsoft — microsoft_excel Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41106. 2022-11-09 7.8 CVE-2022-41063
MISC
microsoft — microsoft_wod Microsoft Word Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41061
MISC
microsoft — office Microsoft Office Graphics Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41107
MISC
microsoft — sharepoint Microsoft SharePoint Server Remote Code Execution Vulnerability. 2022-11-09 8.8 CVE-2022-41062
MISC
microsoft — visual_studio_2017 Visual Studio Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41119
MISC
microsoft — windows_server_2008 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41048. 2022-11-09 8.8 CVE-2022-41047
MISC
microsoft — windows_server_2008 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047. 2022-11-09 8.8 CVE-2022-41048
MISC
microsoft — windows_server_2008 Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. 2022-11-09 8.8 CVE-2022-41128
MISC
microsoft — windows_server_2008 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. 2022-11-09 8.1 CVE-2022-37966
MISC
microsoft — windows_server_2008 Netlogon RPC Elevation of Privilege Vulnerability. 2022-11-09 8.1 CVE-2022-38023
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088. 2022-11-09 8.1 CVE-2022-41039
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41088. 2022-11-09 8.1 CVE-2022-41044
MISC
microsoft — windows_server_2008 Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41086. 2022-11-09 7.8 CVE-2022-37992
MISC
microsoft — windows_server_2008 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100. 2022-11-09 7.8 CVE-2022-41045
MISC
microsoft — windows_server_2008 Windows HTTP.sys Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41057
MISC
microsoft — windows_server_2008 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. 2022-11-09 7.5 CVE-2022-41056
MISC
microsoft — windows_server_2008 Windows Network Address Translation (NAT) Denial of Service Vulnerability. 2022-11-09 7.5 CVE-2022-41058
MISC
microsoft — windows_server_2008 Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128. 2022-11-09 7.5 CVE-2022-41118
MISC
microsoft — windows_server_2008 Windows Kerberos Elevation of Privilege Vulnerability. 2022-11-09 7.2 CVE-2022-37967
MISC
microsoft — windows_server_2012 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41125
MISC
microsoft — windows_sysmon Microsoft Windows Sysmon Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41120
MISC
n-prolog_project — n-prolog N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. 2022-11-08 7.5 CVE-2022-43343
MISC
nec — expresscluster_x_singleserversafe Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34822
MISC
nec — expresscluster_x_singleserversafe Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34823
MISC
nec — expresscluster_x_singleserversafe Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34824
MISC
nec — expresscluster_x_singleserversafe Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. 2022-11-08 9.8 CVE-2022-34825
MISC
netwrix — auditor Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors. 2022-11-08 9.8 CVE-2022-31199
MISC
objectfirst — object_first An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn’t produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in 1.0.13.1611. 2022-11-07 9.8 CVE-2022-44796
MISC
objectfirst — object_first An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn’t validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. 2022-11-07 8.8 CVE-2022-44794
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. 2022-11-09 9.8 CVE-2022-43058
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. 2022-11-07 7.2 CVE-2022-43051
MISC
online_diagnostic_lab_management_system_project — online_diagnostic_lab_management_system Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. 2022-11-07 7.2 CVE-2022-43052
MISC
online_tours_and_travels_management_system_project — online_tours_and_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-07 7.2 CVE-2022-43050
MISC
openfga — openfga OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation. 2022-11-08 9.8 CVE-2022-39352
CONFIRM
opensuse — openldap2 An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. 2022-11-09 7.8 CVE-2022-31253
CONFIRM
opmc — woocommerce_dropshipping The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection 2022-11-07 9.8 CVE-2022-3481
CONFIRM
parseplatform — parse-server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds. 2022-11-10 9.8 CVE-2022-39396
CONFIRM
passwork — passwork The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. 2022-11-07 7.5 CVE-2022-42955
MISC
MISC
passwork — passwork The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. 2022-11-07 7.5 CVE-2022-42956
MISC
MISC
pattersondental — eaglesoft Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. 2022-11-07 7.8 CVE-2022-37710
MISC
phoenix_contact — fl_mguard_dm In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections. 2022-11-09 7.5 CVE-2021-34579
MISC
powercom_co_ltd — upsmon_pro UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data. 2022-11-10 7.5 CVE-2022-38122
MISC
powercom_co_ltd — upsmon_pro UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service. 2022-11-10 9.8 CVE-2022-38119
MISC
pymatgen — pymatgen An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method 2022-11-09 7.5 CVE-2022-42964
MISC
python — python Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. 2022-11-07 7.8 CVE-2022-42919
MISC
python — python An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. 2022-11-09 7.5 CVE-2022-45061
MISC
python-poetry — cleo An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method 2022-11-09 7.5 CVE-2022-42966
MISC
qemu — qemu An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. 2022-11-07 8.6 CVE-2022-3872
MISC
really-simple-plugins — complianz The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6, allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. 2022-11-07 8.8 CVE-2022-3494
CONFIRM
roxyfileman — roxy_fileman Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) 2022-11-09 9.8 CVE-2022-40797
MISC
MISC
MISC
samsung — billing Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows an attacker to obtain sensitive information. 2022-11-09 7.5 CVE-2022-39890
MISC
samsung — exynos_firmware Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows a remote attacker to read out of bounds memory. 2022-11-09 9.1 CVE-2022-39881
MISC
samsung — pass Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers unauthenticated access via the keep open feature. 2022-11-09 9.8 CVE-2022-39892
MISC
sanitization_management_system_project — sanitization_management_system A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. 2022-11-05 9.8 CVE-2022-3868
N/A
N/A
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. 2022-11-07 7.2 CVE-2022-43350
MISC
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. 2022-11-07 7.2 CVE-2022-43352
MISC
sap — 3d_visual_enterprise_viewer Due to lack of proper memory management, when a victim opens a manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when the payload forces: Re-use of a dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely. Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured. 2022-11-08 7.8 CVE-2022-41211
MISC
MISC
sap — businessobjects_business_intelligence In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. 2022-11-08 8.8 CVE-2022-41203
MISC
MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41669
MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41670
MISC
schneider-electric — ecostruxure_operator_terminal_expert A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). 2022-11-04 7.8 CVE-2022-41671
MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user-defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim has logged in, the attacker is given access to the user’s account through the activated session. 2022-11-08 8.8 CVE-2022-43398
MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. 2022-11-08 8.8 CVE-2022-43439
MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. 2022-11-08 8.8 CVE-2022-43545
MISC
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device. 2022-11-08 8.8 CVE-2022-43546
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to a fixed-length heap-based buffer overflow while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-39136
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41660
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41661
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41662
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41663
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. 2022-11-08 7.8 CVE-2022-41664
MISC
siemens — parasolid A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745) 2022-11-08 7.8 CVE-2022-39157
MISC
siemens — parasolid A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854) 2022-11-08 7.8 CVE-2022-43397
MISC
siemens — qms_automotive A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users. 2022-11-08 9.1 CVE-2022-43958
MISC
simple_e-learning_system_project — simple_e-learning_system An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. 2022-11-07 7.5 CVE-2022-43319
MISC
slidervilla — testimonial_slider Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. 2022-11-08 8.8 CVE-2022-44741
CONFIRM
CONFIRM
snowflake — snowflake-connector-python An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method 2022-11-09 7.5 CVE-2022-42965
MISC
soflyy — wp_all_import The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. 2022-11-07 7.2 CVE-2022-2711
CONFIRM
soflyy — wp_all_import The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files 2022-11-07 7.2 CVE-2022-3418
CONFIRM
splunk — splunk In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards). The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. 2022-11-04 8.8 CVE-2022-43563
MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the tstats command handles JavaScript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards). The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. 2022-11-04 8.8 CVE-2022-43565
MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. 2022-11-04 8.8 CVE-2022-43567
MISC
MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards) in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. 2022-11-04 8 CVE-2022-43566
MISC
MISC
symantec — endpoint_detection_and_response Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2022-11-08 9.8 CVE-2022-37015
MISC
trellix — intrusion_prevention_system_manager XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack in the part of the administrator interface that allows a saved XML configuration file to be imported. 2022-11-04 7.2 CVE-2022-3340
CONFIRM
tuxera — ntfs-3g A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. 2022-11-06 7.8 CVE-2022-40284
MISC
MISC
varnish-software — varnish_cache_plus An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. 2022-11-09 7.5 CVE-2022-45060
MISC
MISC
varnish_cache_project — varnish_cache An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. 2022-11-09 7.5 CVE-2022-45059
MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. 2022-11-09 9.8 CVE-2022-31685
MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. 2022-11-09 9.8 CVE-2022-31686
MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. 2022-11-09 9.8 CVE-2022-31687
MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. 2022-11-09 9.8 CVE-2022-31689
MISC
wago — i/o-check_service In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. 2022-11-09 7.5 CVE-2021-34568
MISC
wago — i/o-check_service In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. 2022-11-09 9.8 CVE-2021-34569
MISC
wago — i/o-check_service In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. 2022-11-09 9.1 CVE-2021-34566
MISC
wago — i/o-check_service In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and a limited out-of-bounds read. 2022-11-09 8.2 CVE-2021-34567
MISC
wiesemann_&_theis — multiple_products Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage. 2022-11-10 8 CVE-2022-42786
MISC
windows — advanced_local_procedure_call Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100. 2022-11-09 7.8 CVE-2022-41093
MISC
windows — advanced_local_procedure_call Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093. 2022-11-09 7.8 CVE-2022-41100
MISC
windows — bind_filter_driver Windows Bind Filter Driver Elevation of Privilege Vulnerability. 2022-11-09 7 CVE-2022-41114
MISC
windows — digital_media_receiver Windows Digital Media Receiver Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41095
MISC
windows — extensible_file_allocation_table Windows Extensible File Allocation Table Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41050
MISC
windows — graphics_component Windows Graphics Component Remote Code Execution Vulnerability. 2022-11-09 7.8 CVE-2022-41052
MISC
windows — kerberos Windows Kerberos Denial of Service Vulnerability. 2022-11-09 7.5 CVE-2022-41053
MISC
windows — overlay_filter Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41102. 2022-11-09 7.8 CVE-2022-41101
MISC
windows — overlay_filter Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41101. 2022-11-09 7.8 CVE-2022-41102
MISC
windows — point-to-point_tunneling_protocol Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044. 2022-11-09 8.1 CVE-2022-41088
MISC
windows — print_spooler Windows Print Spooler Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41073
MISC
windows — resilient_file_system Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41054
MISC
windows — win32 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. 2022-11-09 7.8 CVE-2022-41113
MISC
windows — win32k Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109. 2022-11-09 7.8 CVE-2022-41092
MISC
windows — win32k Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41092. 2022-11-09 7.8 CVE-2022-41109
MISC
wolfssl — wolfssl In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) 2022-11-07 9.1 CVE-2022-42905
MISC
MISC
xfce — xfce4-settings In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. 2022-11-09 9.8 CVE-2022-45062
MISC
MISC
MISC
MISC
xwiki — openid_connect XWiki OIDC has various tools to manipulate the OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third-party provider's details through request parameters. One can then bypass the XWiki authentication altogether by specifying one's own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider). With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make their user automatically part of the XWikiAdminGroup. This issue has been patched; please upgrade to 1.29.1. There is no workaround; an upgrade of the authenticator is required. 2022-11-04 7.5 CVE-2022-39387
MISC
CONFIRM
MISC
Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
5-anker — 5_anker_connect Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. 2022-11-08 4.8 CVE-2022-30545
CONFIRM
CONFIRM
acronis — cyber_protect_home_office Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 5.5 CVE-2022-44745
MISC
acronis — cyber_protect_home_office Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. 2022-11-07 5.5 CVE-2022-44746
MISC
addify — product_stock_manager The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow updating arbitrary options. 2022-11-07 4.3 CVE-2022-3451
CONFIRM
aioseo — all_in_one_seo Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. 2022-11-08 6.5 CVE-2022-42494
CONFIRM
CONFIRM
algolplus — advanced_dynamic_pricing_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. 2022-11-09 4.3 CVE-2022-43488
CONFIRM
CONFIRM
algolplus — advanced_dynamic_pricing_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. 2022-11-08 4.3 CVE-2022-43491
CONFIRM
CONFIRM
algolplus — advanced_order_export Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. 2022-11-08 6.5 CVE-2022-40128
CONFIRM
CONFIRM
bluetooth — bluetooth_core_specification An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel. 2022-11-08 4.3 CVE-2020-35473
MISC
MISC
canteen_management_system_project — canteen_management_system A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-11-08 5.4 CVE-2022-43144
MISC
MISC
MISC
cisco — asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. 2022-11-04 6.5 CVE-2022-20867
MISC
cisco — asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. 2022-11-04 6.5 CVE-2022-20942
MISC
cisco — broadworks_messaging_server A vulnerability in the web-based management interface of the Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network. 2022-11-04 6.5 CVE-2022-20951
MISC
cisco — email_security_appliance_firmware A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. 2022-11-04 5.3 CVE-2022-20772
MISC
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device. 2022-11-04 5.4 CVE-2022-20963
MISC
cisco — identity_services_engine A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability. 2022-11-04 5.3 CVE-2022-20937
MISC
cisco — umbrella A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2022-11-04 5.4 CVE-2022-20969
MISC
codeandmore — wp_page_widget Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. 2022-11-08 4.3 CVE-2022-32587
CONFIRM
CONFIRM
csphere — clansphere A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. 2022-11-09 6.1 CVE-2022-43119
MISC
diagrams — drawio Cross-site Scripting (XSS) – DOM in GitHub repository jgraph/drawio prior to 20.5.2. 2022-11-07 6.1 CVE-2022-3873
CONFIRM
MISC
diplib — diplib diplib v3.0.0 is vulnerable to Double Free. 2022-11-04 6.5 CVE-2021-39432
MISC
MISC
electronjs — electron The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file are not available to the renderer following the redirect, but if the redirect target is an SMB URL such as `file://some.website.com/`, then in some cases Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials. This issue has been patched in versions 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn’t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents, as a workaround. 2022-11-08 6.1 CVE-2022-36077
CONFIRM
eyesofnetwork — web_interface EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. 2022-11-08 6.1 CVE-2022-41434
MISC
eyesofnetwork — web_interface EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. 2022-11-08 4.8 CVE-2022-41432
MISC
eyesofnetwork — web_interface EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. 2022-11-08 4.8 CVE-2022-41433
MISC
f-secure — safe WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5). 2022-11-07 6.5 CVE-2022-38164
MISC
MISC
fatcatapps — analytics_cat Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. 2022-11-08 4.3 CVE-2022-27855
CONFIRM
CONFIRM
feehi — feehicms FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. 2022-11-09 6.1 CVE-2022-43320
MISC
flatcore — flatcore-cms A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. 2022-11-09 6.1 CVE-2022-43118
MISC
food_ordering_management_system_project — food_ordering_management_system Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. 2022-11-07 4.8 CVE-2022-43046
MISC
froxlor — froxlor Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. 2022-11-05 6.1 CVE-2022-3869
CONFIRM
MISC
gitlab — gitlab An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. 2022-11-09 6.1 CVE-2022-3280
CONFIRM
MISC
MISC
gitlab — gitlab An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. 2022-11-09 6.1 CVE-2022-3486
MISC
MISC
CONFIRM
gitlab — gitlab A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. 2022-11-09 5.4 CVE-2022-3265
MISC
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. 2022-11-09 5.4 CVE-2022-3483
MISC
MISC
CONFIRM
gitlab — gitlab An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don’t have access to. 2022-11-09 5.3 CVE-2022-2761
MISC
MISC
CONFIRM
gitlab — gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don’t have access to. 2022-11-10 5.3 CVE-2022-3793
CONFIRM
MISC
gitlab — gitlab An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. 2022-11-10 5.3 CVE-2022-3818
MISC
CONFIRM
gitlab — gitlab Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project’s Audit Events and Developers or Maintainers to view the group’s Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. 2022-11-10 4.3 CVE-2022-3413
MISC
CONFIRM
gitlab — gitlab Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn’t have access to that project. 2022-11-10 4.3 CVE-2022-3706
MISC
CONFIRM
gitlab — gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows malicious users to set emojis on internal notes they don’t have access to. 2022-11-10 4.3 CVE-2022-3819
CONFIRM
MISC
google — android In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. 2022-11-08 6.8 CVE-2022-32617
MISC
google — android In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454. 2022-11-08 6.8 CVE-2022-32618
MISC
google — android In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-242096164 2022-11-08 6.7 CVE-2022-20454
MISC
google — android In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. 2022-11-08 6.7 CVE-2022-21778
MISC
google — android In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704. 2022-11-08 6.7 CVE-2022-32603
MISC
google — android In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. 2022-11-08 6.7 CVE-2022-32605
MISC
google — android In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. 2022-11-08 6.7 CVE-2022-32607
MISC
google — android In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373. 2022-11-08 6.7 CVE-2022-32611
MISC
google — android In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. 2022-11-08 6.7 CVE-2022-32614
MISC
google — android In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. 2022-11-08 6.7 CVE-2022-32615
MISC
google — android In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. 2022-11-08 6.7 CVE-2022-32616
MISC
google — android In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-233604485 2022-11-08 6.5 CVE-2022-20447
MISC
google — android In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. 2022-11-08 6.4 CVE-2022-32608
MISC
google — android In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. 2022-11-08 6.4 CVE-2022-32609
MISC
google — android In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. 2022-11-08 6.4 CVE-2022-32610
MISC
google — android In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. 2022-11-08 6.4 CVE-2022-32612
MISC
google — android In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. 2022-11-08 6.4 CVE-2022-32613
MISC
google — android In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-234441463 2022-11-08 5.5 CVE-2022-20414
MISC
google — android In multiple functions of many files, there is a possible obstruction of the user’s ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-236263294 2022-11-08 5.5 CVE-2022-20426
MISC
google — android In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-237540408 2022-11-08 5.5 CVE-2022-20448
MISC
google — android In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-240685104 2022-11-08 5.5 CVE-2022-20453
MISC
google — android In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-243924784 2022-11-08 5.5 CVE-2022-20457
MISC
google — android In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790. 2022-11-08 5.5 CVE-2022-32602
MISC
google — android In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-218500036 2022-11-08 4.6 CVE-2022-20465
MISC
google — chrome Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) 2022-11-09 4.3 CVE-2022-3447
MISC
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. 2022-11-09 5.3 CVE-2022-39307
CONFIRM
gvectors — wpforo_forum Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. 2022-11-08 5.4 CVE-2022-40632
CONFIRM
CONFIRM
gvectors — wpforo_forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. 2022-11-08 4.3 CVE-2022-40205
CONFIRM
CONFIRM
gvectors — wpforo_forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. 2022-11-08 4.3 CVE-2022-40206
CONFIRM
CONFIRM
hcltech — domino HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user’s person record. 2022-11-04 5.5 CVE-2022-38654
MISC
highlight_focus_project — highlight_focus The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 2022-11-07 4.8 CVE-2022-3462
CONFIRM
hotelmanager_project — hotelmanager Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. 2022-11-04 5.4 CVE-2021-39473
MISC
MISC
huawei — harmonyos There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. 2022-11-09 5.9 CVE-2022-44563
MISC
MISC
huawei — harmonyos There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. 2022-11-09 4.3 CVE-2022-44548
MISC
MISC
human_resource_management_system_project — human_resource_management_system A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-11-07 6.1 CVE-2022-43317
MISC
infotel — tasklists tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting (XSS): script can be injected into task content when a task is added. This issue is patched in version 2.0.3. There are no known workarounds. 2022-11-10 6.1 CVE-2022-39398
CONFIRM
MISC
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 6.5 CVE-2022-26023
MISC
CONFIRM
inhandnetworks — ir302_firmware A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. 2022-11-09 6.5 CVE-2022-29481
CONFIRM
MISC
intelliants — subrion_cms A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. 2022-11-09 6.1 CVE-2022-43120
MISC
intelliants — subrion_cms A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. 2022-11-09 6.1 CVE-2022-43121
MISC
joomla — joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. 2022-11-08 6.1 CVE-2022-27914
MISC
kaden — picoflux_air_water_meter In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. 2022-11-09 6.5 CVE-2021-34577
MISC
lenovo — elan_miniport_touchpad_driver ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. 2022-11-07 4.7 CVE-2021-42205
MISC
mcafee — data_exchange_layer Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. 2022-11-07 5.5 CVE-2022-2188
MISC
microsoft — .net_framework .NET Framework Information Disclosure Vulnerability. 2022-11-09 5.8 CVE-2022-41064
MISC
microsoft — bitlocker BitLocker Security Feature Bypass Vulnerability. 2022-11-09 4.6 CVE-2022-41099
MISC
microsoft — dynamics_365_business_central Microsoft Business Central Information Disclosure Vulnerability. 2022-11-09 4.4 CVE-2022-41066
MISC
microsoft — microsoft_word Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103. 2022-11-09 5.5 CVE-2022-41060
MISC
microsoft — microsoft_word Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060. 2022-11-09 5.5 CVE-2022-41103
MISC
microsoft — network_policy_server_radius Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. 2022-11-09 6.5 CVE-2022-41097
MISC
microsoft — office Microsoft Excel Information Disclosure Vulnerability. 2022-11-09 5.5 CVE-2022-41105
MISC
microsoft — sharepoint_foundation Microsoft SharePoint Server Spoofing Vulnerability. 2022-11-09 6.5 CVE-2022-41122
MISC
microsoft — windows_10 Windows Hyper-V Denial of Service Vulnerability. 2022-11-09 6.5 CVE-2022-38015
MISC
microsoft — windows_server_2008 Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992. 2022-11-09 6.4 CVE-2022-41086
MISC
microsoft — windows_server_2019 Windows Human Interface Device Information Disclosure Vulnerability. 2022-11-09 5.5 CVE-2022-41055
MISC
net-snmp — net-snmp handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. 2022-11-07 6.5 CVE-2022-44792
MISC
MISC
net-snmp — net-snmp handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. 2022-11-07 6.5 CVE-2022-44793
MISC
MISC
objectfirst — object_first An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. 2022-11-07 6.5 CVE-2022-44795
MISC
openzeppelin — contracts OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization. 2022-11-04 5.6 CVE-2022-39384
MISC
CONFIRM
paloaltonetworks — cortex_xsoar A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. 2022-11-09 6.7 CVE-2022-0031
MISC
perfexcrm — perfex_crm perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. 2022-11-08 5.4 CVE-2021-40303
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. 2022-11-08 5.5 CVE-2022-44312
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44313
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44314
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44315
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. 2022-11-08 5.5 CVE-2022-44316
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44317
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44318
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44319
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. 2022-11-08 5.5 CVE-2022-44320
MISC
MISC
picoc_project — picoc PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. 2022-11-08 5.5 CVE-2022-44321
MISC
MISC
powercom_co_ltd — upsmon_pro UPSMON PRO has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files. 2022-11-10 6.5 CVE-2022-38120
MISC
powercom_co_ltd — upsmon_pro UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users’ and administrators’ account names and passwords via this unprotected configuration file. 2022-11-10 6.5 CVE-2022-38121
MISC
rymera — advanced_coupons Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. 2022-11-08 4.3 CVE-2022-43481
CONFIRM
CONFIRM
samsung — editor_lite Heap overflow vulnerability in the parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows an attacker to obtain information. 2022-11-09 5.5 CVE-2022-39891
MISC
sandhillsdev — easy_digital_downloads The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history entry. As a result, attackers could make a logged in admin delete an arbitrary post via a CSRF attack. 2022-11-07 4.3 CVE-2022-2387
CONFIRM
sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. 2022-11-07 6.5 CVE-2022-43351
MISC
sap — biller_direct SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsanitized parameter to redirect the victim to a malicious site of the attacker’s choosing, which can result in disclosure or modification of the victim’s information. 2022-11-08 6.1 CVE-2022-41207
MISC
MISC
sap — financial_consolidation Due to insufficient input validation, SAP Financial Consolidation version 1010 allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality, integrity and availability of the application. 2022-11-08 6.5 CVE-2022-41258
MISC
MISC
sap — financial_consolidation SAP Financial Consolidation version 1010 does not sufficiently encode user-controlled input, which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. 2022-11-08 6.1 CVE-2022-41260
MISC
MISC
sap — financial_consolidation Due to insufficient input validation, SAP Financial Consolidation version 1010 allows an authenticated attacker with user privileges to alter the current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. 2022-11-08 5.4 CVE-2022-41208
MISC
MISC
sap — gui SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. 2022-11-08 6.1 CVE-2022-41205
MISC
MISC
sap — netweaver_application_server_abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application. 2022-11-08 6.5 CVE-2022-41214
MISC
MISC
sap — netweaver_application_server_abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. 2022-11-08 4.9 CVE-2022-41212
MISC
MISC
sap — netweaver_application_server_abap SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information. 2022-11-08 4.7 CVE-2022-41215
MISC
MISC
sap — sql_anywhere SAP SQL Anywhere version 17.0 allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. 2022-11-08 6.5 CVE-2022-41259
MISC
MISC
searchwp — searchwp Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. 2022-11-08 4.3 CVE-2022-40223
CONFIRM
CONFIRM
shopwind — shopwind Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. 2022-11-09 6.1 CVE-2022-43321
MISC
MISC
simple_video_embedder_project — simple_video_embedder Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao’s Simple Video Embedder plugin <= 2.2 on WordPress. 2022-11-09 5.4 CVE-2022-44590
CONFIRM
CONFIRM
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. 2022-11-04 6.5 CVE-2022-43564
MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. 2022-11-04 6.5 CVE-2022-43570
MISC
splunk — splunk In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. 2022-11-04 6.5 CVE-2022-43572
MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. 2022-11-04 6.1 CVE-2022-43568
MISC
MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. 2022-11-04 5.4 CVE-2022-43562
MISC
splunk — splunk In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. 2022-11-04 5.4 CVE-2022-43569
MISC
MISC
stiltsoft — handy_macros_for_confluence The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. 2022-11-04 5.4 CVE-2022-44724
MISC
systemd_project — systemd An off-by-one error was discovered in the systemd format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), resulting in a Denial of Service. 2022-11-08 5.5 CVE-2022-3821
MISC
MISC
MISC
MISC
vmware — workspace_one_assist VMware Workspace ONE Assist prior to 22.10 contains a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user’s window. 2022-11-09 6.1 CVE-2022-31688
MISC
watchdog — anti-virus Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. 2022-11-04 6.5 CVE-2022-38582
MISC
webartesanal — mantenimiento_web Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. 2022-11-08 4.8 CVE-2022-41980
CONFIRM
CONFIRM
weberge — wp_hide The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug setting, allowing unauthenticated attackers to update it with a crafted request. 2022-11-07 5.3 CVE-2022-3489
CONFIRM
windows — gdi+ Windows GDI+ Information Disclosure Vulnerability. 2022-11-09 5.5 CVE-2022-41098
MISC
windows — mark_of_the_web_security_feature Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091. 2022-11-09 5.4 CVE-2022-41049
MISC
windows — mark_of_the_web_security_feature Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049. 2022-11-09 5.4 CVE-2022-41091
MISC
windows — point-to-point_tunneling_protocol Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116. 2022-11-09 5.9 CVE-2022-41090
MISC
windows — point-to-point_tunneling_protocol Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090. 2022-11-09 5.9 CVE-2022-41116
MISC
windows_and_linux — nvidia_gpu_display_driver NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. 2022-11-10 6.5 CVE-2022-34666
MISC
wpadvancedads — advanced_ads_-_ad_manager_&_adsense Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. 2022-11-08 4.8 CVE-2022-32776
CONFIRM
CONFIRM
zkteco — biotime ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. 2022-11-08 5.3 CVE-2022-30515
MISC
MISC
zohocorp — zoho_crm_lead_magnet Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. 2022-11-09 6.5 CVE-2022-41978
CONFIRM
CONFIRM
zte — zaip-aie There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. 2022-11-08 5.3 CVE-2022-39069
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
f-secure — safe WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 2 of 5). 2022-11-07 3.5 CVE-2022-38163
MISC
MISC
google — android In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-229793943 2022-11-08 3.3 CVE-2022-20446
MISC
google — android In factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-231985227 2022-11-08 3.3 CVE-2022-20463
MISC
google — android Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. 2022-11-09 3.3 CVE-2022-39879
MISC
google — android Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. 2022-11-09 3.3 CVE-2022-39884
MISC
google — android Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. 2022-11-09 3.3 CVE-2022-39885
MISC
google — android Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. 2022-11-09 3.3 CVE-2022-39886
MISC
google — android Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. 2022-11-09 3.3 CVE-2022-39887
MISC
samsung — galaxy_buds_pro_manage Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. 2022-11-09 3.3 CVE-2022-39893
MISC
samsung — galaxywatch4plugin Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. 2022-11-09 3.3 CVE-2022-39889
MISC
siemens — simatic_wincc_runtime A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. 2022-11-08 3.5 CVE-2022-30694
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
agentflow — bpm_enterprise_management_system Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service. 2022-11-10 not yet calculated CVE-2022-39038
MISC
MISC
amd — link_android Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. 2022-11-09 not yet calculated CVE-2022-27673
MISC
amd — multiple_products Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. 2022-11-09 not yet calculated CVE-2020-12930
MISC
amd — multiple_products Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. 2022-11-09 not yet calculated CVE-2020-12931
MISC
amd — multiple_products An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. 2022-11-09 not yet calculated CVE-2021-26360
MISC
amd — multiple_products Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. 2022-11-09 not yet calculated CVE-2021-26391
MISC
amd — multiple_products Insufficient verification of missing size check in ‘LoadModule’ may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. 2022-11-09 not yet calculated CVE-2021-26392
MISC
amd — multiple_products Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. 2022-11-09 not yet calculated CVE-2021-26393
MISC
amd — processors IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. 2022-11-09 not yet calculated CVE-2022-23824
MISC
MLIST
amd — μProf Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. 2022-11-09 not yet calculated CVE-2022-23831
MISC
amd — μProf Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. 2022-11-09 not yet calculated CVE-2022-27674
MISC
arches — arches Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it’s possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. 2022-11-11 not yet calculated CVE-2022-41892
CONFIRM
ayacms — ayacms AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-11-10 not yet calculated CVE-2022-43074
MISC
bmc_remedy — bmc_remedy An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the “number of recipients” field. NOTE: the vendor’s position is that “no real impact is demonstrated.” 2022-11-10 not yet calculated CVE-2022-26088
MISC
btcd — btcd btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. 2022-11-07 not yet calculated CVE-2022-44797
MISC
MISC
MISC
MISC
cbrn-analysis — cbrn-analysis CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. 2022-11-12 not yet calculated CVE-2022-45193
MISC
cbrn-analysis — cbrn-analysis CBRN-Analysis before 22 allows XXE attacks via an mws XML document, leading to NTLMv2-SSP hash disclosure. 2022-11-12 not yet calculated CVE-2022-45194
MISC
contiki-ng — contiki-ng Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels. However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the “develop” branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub. 2022-11-11 not yet calculated CVE-2022-41873
CONFIRM
MISC
deeplearning4j — deeplearning4j Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely to affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plans to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here. 2022-11-10 not yet calculated CVE-2022-36022
CONFIRM
MISC
dotcms — dotcms dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS’s path-based XSS prevention (such as “require login” filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS. 2022-11-10 not yet calculated CVE-2022-35740
MISC
MISC
drogon — drogon A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464. 2022-11-11 not yet calculated CVE-2022-3959
N/A
N/A
N/A
N/A
eclipse — californium Eclipse Californium is a Java implementation of RFC7252 – Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don’t cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f 2022-11-10 not yet calculated CVE-2022-39368
CONFIRM
MISC
MISC
element_ios — element_ios Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. 2022-11-11 not yet calculated CVE-2022-41904
MISC
CONFIRM
eolinker — goku_lite A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3947
N/A
N/A
N/A
eolinker — goku_lite A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3948
N/A
N/A
N/A
espcms — espcms ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. 2022-11-10 not yet calculated CVE-2022-44087
MISC
MISC
espcms — espcms ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. 2022-11-10 not yet calculated CVE-2022-44088
MISC
MISC
espcms — espcms ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. 2022-11-10 not yet calculated CVE-2022-44089
MISC
MISC
etic_telecom — remote_access_server All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. 2022-11-10 not yet calculated CVE-2022-3703
MISC
etic_telecom — remote_access_server All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. 2022-11-10 not yet calculated CVE-2022-40981
MISC
etic_telecom — remote_access_server All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. 2022-11-10 not yet calculated CVE-2022-41607
MISC
exiv2 — exiv2 A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459. 2022-11-11 not yet calculated CVE-2022-3953
N/A
N/A
N/A
fortbridge — plesk_obsidian Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names (“Obsidian”), not numbers. 2022-11-10 not yet calculated CVE-2022-45130
MISC
foru — cms A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3943
N/A
N/A
foxit — foxit_reader An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. 2022-11-09 not yet calculated CVE-2022-43310
MISC
MISC
MISC
gnuboard5 — gnuboard5 A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. 2022-11-12 not yet calculated CVE-2022-3963
N/A
N/A
go — vela Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker’s `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed. 2022-11-10 not yet calculated CVE-2022-39395
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
gpac — gpac A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. 2022-11-11 not yet calculated CVE-2022-3957
N/A
N/A
grafana — grafana Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds. 2022-11-09 not yet calculated CVE-2022-39306
CONFIRM
graphql — graphql ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the “passwordHash” entry from “src/bundle/Resources/config/graphql/User.types.yaml” in the GraphQL package, and other properties like hash type, email, login if you prefer. 2022-11-10 not yet calculated CVE-2022-41876
CONFIRM
hashicorp — nomad_enterprise HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2. 2022-11-10 not yet calculated CVE-2022-3866
MISC
hashicorp — nomad_enterprise HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2. 2022-11-10 not yet calculated CVE-2022-3867
MISC
huawei — harmonyos The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. 2022-11-09 not yet calculated CVE-2022-44551
MISC
MISC
huawei — harmonyos The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. 2022-11-09 not yet calculated CVE-2022-44552
MISC
MISC
huawei — harmonyos The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. 2022-11-09 not yet calculated CVE-2022-44553
MISC
MISC
huawei — harmonyos The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. 2022-11-09 not yet calculated CVE-2022-44554
MISC
MISC
huawei — harmonyos The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. 2022-11-09 not yet calculated CVE-2022-44555
MISC
MISC
huawei — harmonyos The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. 2022-11-09 not yet calculated CVE-2022-44557
MISC
MISC
huawei — harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. 2022-11-09 not yet calculated CVE-2022-44558
MISC
MISC
huawei — harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. 2022-11-09 not yet calculated CVE-2022-44559
MISC
MISC
huawei — harmonyos The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. 2022-11-09 not yet calculated CVE-2022-44560
MISC
MISC
huawei — harmonyos The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. 2022-11-09 not yet calculated CVE-2022-44561
MISC
MISC
hyperledger — hyperledger_fabric Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. 2022-11-12 not yet calculated CVE-2022-45196
MISC
MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. 2022-11-11 not yet calculated CVE-2022-36776
MISC
MISC
ibm — cloud_pak_for_security IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. 2022-11-11 not yet calculated CVE-2022-38387
MISC
MISC
ibm — multiple_products IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. 2022-11-11 not yet calculated CVE-2022-31772
MISC
MISC
ibm — powervm_hypervisor After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. 2022-11-11 not yet calculated CVE-2022-34331
MISC
MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. 2022-11-11 not yet calculated CVE-2022-40750
MISC
MISC
inhand_networks — inrouter302 The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability. 2022-11-09 not yet calculated CVE-2022-25932
MISC
CONFIRM
intel — advanced_link_analyzer_pro Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-27638
MISC
intel — amt Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2021-33159
MISC
intel — amt Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-26845
MISC
intel — amt Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. 2022-11-11 not yet calculated CVE-2022-27497
MISC
intel — amt Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-29893
MISC
intel — dcm Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-33942
MISC
intel — distribution_of_openvino_toolkit Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. 2022-11-11 not yet calculated CVE-2021-26251
MISC
intel — ema Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-30297
MISC
intel — glorp Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-30548
MISC
intel — hyperscan_library Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-29486
MISC
intel — multiple_products Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-21794
MISC
intel — multiple_products Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26024
MISC
intel — multiple_products Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26124
MISC
intel — multiple_products Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. 2022-11-11 not yet calculated CVE-2022-26341
MISC
intel — multiple_products Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-33176
MISC
intel — multiple_products Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-34152
MISC
intel — multiple_products Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-36349
MISC
intel — multiple_products Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36370
MISC
intel — multiple_products Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36789
MISC
intel — multiple_products Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-37334
MISC
intel — nuc Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-35276
MISC
intel — nuc_11_compute_elements Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-38099
MISC
intel — nuc_kit_wireless_adapter Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36377
MISC
intel — nuc_kit_wireless_adapter Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36380
MISC
intel — nuc_kit_wireless_adapter Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36384
MISC
intel — nuc_kit_wireless_adapter Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-36400
MISC
intel — nuc_kits Improper authentication in BIOS firmware for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-37345
MISC
intel — nuc_m15_laptop_kits Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-32569
MISC
intel — nucs Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2021-33164
MISC
intel — presentmon Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26086
MISC
intel — processors Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-21198
MISC
intel — processors Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26006
MISC
intel — proset/wireless_wifi Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2022-11-11 not yet calculated CVE-2022-28667
MISC
intel — quartus_prime_pro XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 not yet calculated CVE-2022-27233
MISC
intel — quartus_prime_standard Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-27187
MISC
intel — sdp_tool Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. 2022-11-11 not yet calculated CVE-2022-26508
MISC
intel — server_board_m10jnp_family Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-11-10 not yet calculated CVE-2021-0185
MISC
intel — server_board_m50cyp_family Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. 2022-11-11 not yet calculated CVE-2022-25917
MISC
intel — server_systems Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-30542
MISC
intel — sgx_sdk Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 not yet calculated CVE-2022-27499
MISC
intel — sps Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-29466
MISC
intel — sps_chipsets Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-29515
MISC
intel — support_android_application Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-30691
MISC
intel — support_android_application Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. 2022-11-11 not yet calculated CVE-2022-36367
MISC
intel — system_studio Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2021-33064
MISC
intel — vtune_profiler Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26028
MISC
intel — wapi Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. 2022-11-11 not yet calculated CVE-2022-33973
MISC
intel — xmm_7560_modem Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 not yet calculated CVE-2022-26045
MISC
intel — xmm_7560_modem Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26079
MISC
intel — xmm_7560_modem Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-26367
MISC
intel — xmm_7560_modem Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-26369
MISC
intel — xmm_7560_modem Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-26513
MISC
intel — xmm_7560_modem Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. 2022-11-11 not yet calculated CVE-2022-27639
MISC
intel — xmm_7560_modem Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 not yet calculated CVE-2022-27874
MISC
intel — xmm_7560_modem Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. 2022-11-11 not yet calculated CVE-2022-28126
MISC
intel — xmm_7560_modem Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 2022-11-11 not yet calculated CVE-2022-28611
MISC
intel — multiple_products Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via local access. 2022-11-11 not yet calculated CVE-2022-26047
MISC
istio — istio Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds. 2022-11-10 not yet calculated CVE-2022-39388
CONFIRM
MISC
MISC
MISC
jerryhanjj — erp A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. 2022-11-11 not yet calculated CVE-2022-3944
N/A
N/A
kareadita — kavita Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. 2022-11-11 not yet calculated CVE-2022-3945
CONFIRM
MISC
lanyulei — ferry A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3939
N/A
lanyulei — ferry A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. 2022-11-11 not yet calculated CVE-2022-3940
N/A
lin-cms — lin-cms An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. 2022-11-09 not yet calculated CVE-2022-44244
MISC
MISC
manageengine — mobile_device_manager_plus In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. 2022-11-12 not yet calculated CVE-2022-41339
MISC
manageengine — multiple_products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. 2022-11-12 not yet calculated CVE-2022-43671
MISC
manageengine — multiple_products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). 2022-11-12 not yet calculated CVE-2022-43672
MISC
manageengine — servicedesk_plus_msp Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. 2022-11-12 not yet calculated CVE-2022-40773
MISC
MISC
mitsubishi_electric — multiple_products Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition by sniffing credential information (username and password). A wide range of models/versions of Mitsubishi Electric consumer electronics products is affected by this vulnerability. For the affected product models/versions, see the Mitsubishi Electric advisory listed in the [References] section. 2022-11-08 not yet calculated CVE-2022-33321
MISC
MISC
mitsubishi_electric — multiple_products Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute a malicious script in a user’s browser to disclose information, etc. A wide range of models/versions of Mitsubishi Electric consumer electronics products is affected by this vulnerability. For the affected product models/versions, see the Mitsubishi Electric advisory listed in the [References] section. 2022-11-08 not yet calculated CVE-2022-33322
MISC
MISC
mm-wki — mm-wki mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). 2022-11-10 not yet calculated CVE-2021-40289
MISC
netatalk — netatalk Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). 2022-11-12 not yet calculated CVE-2022-45188
MISC
MISC
MISC
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. “vbs”, is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused. 2022-11-11 not yet calculated CVE-2022-41882
MISC
CONFIRM
MISC
MISC
novell_products — multiple_products An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. 2022-11-10 not yet calculated CVE-2022-43753
CONFIRM
novell_products — multiple_products An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. 2022-11-10 not yet calculated CVE-2022-43754
CONFIRM
opensearch — opensearch_notifications OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin’s intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. 2022-11-11 not yet calculated CVE-2022-41906
MISC
CONFIRM
MISC
owncloud — server The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. 2022-11-10 not yet calculated CVE-2022-43679
MISC
parse_server — parse_server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature. 2022-11-10 not yet calculated CVE-2022-41878
CONFIRM
parse_server — parse_server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds. 2022-11-10 not yet calculated CVE-2022-41879
CONFIRM
payara — payara Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. 2022-11-10 not yet calculated CVE-2022-45129
MISC
MISC
MISC
MISC
MISC
pi-star — pi-star_dv_dash Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. 2022-11-11 not yet calculated CVE-2022-45182
MISC
MISC
MISC
MISC
MISC
portofino — manydesigns A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3952
N/A
N/A
N/A
N/A
prestashop — eu_cookie_law_gdpr_module The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). 2022-11-10 not yet calculated CVE-2022-44727
MISC
MISC
MISC
redex — redex DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. 2022-11-11 not yet calculated CVE-2022-36938
MISC
sandisk — multiple_products Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. 2022-11-09 not yet calculated CVE-2022-29836
MISC
sanluan — publiccms A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. 2022-11-11 not yet calculated CVE-2022-3950
N/A
N/A
simplex — simplexmq SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. 2022-11-12 not yet calculated CVE-2022-45195
MISC
MISC
MISC
MISC
snakeyaml — snakeyaml Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. 2022-11-11 not yet calculated CVE-2022-41854
CONFIRM
sourcecodester — sanitization_management_system A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3942
N/A
sourcecodester — simple_cashiering_system A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. 2022-11-11 not yet calculated CVE-2022-3949
N/A
suse — multiple_products An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. 2022-11-10 not yet calculated CVE-2022-31255
CONFIRM
sysstat — sa_common.c sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. 2022-11-08 not yet calculated CVE-2022-39377
CONFIRM
tauri — tauri Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json. 2022-11-10 not yet calculated CVE-2022-41874
CONFIRM
tholum — crm42 A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42classclass.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3955
N/A
N/A
tsruban — hhims A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. 2022-11-11 not yet calculated CVE-2022-3956
N/A
N/A
unmarshal — unmarshal Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. 2022-11-10 not yet calculated CVE-2022-41719
MISC
MISC
MISC
wasmtime — webassembly Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime’s default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator’s configuration would not create an appropriate virtual memory mapping for this meaning out of bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. This bug is not applicable with the default settings of the `wasmtime` crate. This bug can only be triggered by setting `InstanceLimits::memory_pages` to zero. This is expected to be a very rare configuration since this means that wasm modules cannot allocate any pages of linear memory. All wasm modules produced by all current toolchains are highly likely to use linear memory, so it’s expected to be unlikely that this configuration is set to zero by any production embedding of Wasmtime. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by increasing the `memory_pages` allotment when configuring the pooling allocator to a value greater than zero. If an embedding wishes to still prevent memory from actually being used then the `Store::limiter` method can be used to dynamically disallow growth of memory beyond 0 bytes large. Note that the default `memory_pages` value is greater than zero. 2022-11-10 not yet calculated CVE-2022-39392
CONFIRM
MISC
wasmtime — webassembly Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. 2022-11-10 not yet calculated CVE-2022-39393
MISC
CONFIRM
wasmtime — webassembly Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime’s C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected. 2022-11-10 not yet calculated CVE-2022-39394
CONFIRM
MISC
wiesemann_&_theis — comserver Multiple W&T products of the Comserver Series use a small number space for allocating session ids. An unauthenticated remote attacker can brute force the session id and gain access to an account on the device. 2022-11-10 not yet calculated CVE-2022-42787
MISC
wordpress — wordpress A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. 2022-11-11 not yet calculated CVE-2022-3941
N/A
N/A
N/A
wordpress — wordpress Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. 2022-11-10 not yet calculated CVE-2022-42460
CONFIRM
CONFIRM
wsgidav — wsgidav WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. 2022-11-11 not yet calculated CVE-2022-41905
MISC
CONFIRM
xpdfreader — xpdfreader xpdfreader 4.03 is vulnerable to Buffer Overflow. 2022-11-10 not yet calculated CVE-2021-40226
MISC
xterm — xterm xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. 2022-11-10 not yet calculated CVE-2022-45063
MISC
MISC
MISC
MLIST
MLIST