Security Bulletin 07 Dec 2022

Published on 22 Feb 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2020-12079Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.10https://nvd.nist.gov/vuln/detail/CVE-2020-12079
CVE-2020-11066In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2.10https://nvd.nist.gov/vuln/detail/CVE-2020-11066
CVE-2018-3856An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3856
CVE-2017-12562Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-12562
CVE-2019-4008API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-4008
CVE-2019-6543AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-6543
CVE-2019-4032IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-4032
CVE-2019-6557Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-6557
CVE-2019-3918The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-3918
CVE-2019-4012IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-4012
CVE-2019-7304Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-7304
CVE-2019-3932Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-3932
CVE-2019-3939Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-3939
CVE-2019-6548GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-6548
CVE-2019-6957A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-6957
CVE-2019-4336IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-4336
CVE-2019-14379SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-14379
CVE-2019-4481IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-4481
CVE-2019-4483IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-4483
CVE-2019-6840A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-6840
CVE-2019-14842Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-14842
CVE-2020-2801Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-2801
CVE-2020-7679In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7679
CVE-2020-7699This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7699
CVE-2020-7700All versions of phpjs are vulnerable to Prototype Pollution via parse_str.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7700
CVE-2020-7701madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7701
CVE-2020-7702All versions of package templ8 are vulnerable to Prototype Pollution via the parse function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7702
CVE-2020-7703All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7703
CVE-2020-7704The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7704
CVE-2020-7706The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7706
CVE-2020-7707The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7707
CVE-2020-7708The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7708
CVE-2020-24032tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24032
CVE-2020-7713All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7713
CVE-2020-7714All versions of package confucious are vulnerable to Prototype Pollution via the set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7714
CVE-2020-7715All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7715
CVE-2020-7716All versions of package deeps are vulnerable to Prototype Pollution via the set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7716
CVE-2020-7717All versions of package dot-notes are vulnerable to Prototype Pollution via the create function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7717
CVE-2020-7718All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7718
CVE-2020-7719Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7719
CVE-2020-7721All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7721
CVE-2020-7722All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7722
CVE-2020-7723All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7723
CVE-2020-7724All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7724
CVE-2020-7725All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7725
CVE-2020-7726All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7726
CVE-2020-7727All versions of package gedi are vulnerable to Prototype Pollution via the set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7727
CVE-2020-24379WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24379
CVE-2020-24916CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24916
CVE-2019-0230Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-0230
CVE-2020-7736The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7736
CVE-2020-7737All versions of package safetydance are vulnerable to Prototype Pollution via the set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7737
CVE-2020-7746This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7746
CVE-2020-7766This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7766
CVE-2020-7768The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7768
CVE-2020-7770This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7770
CVE-2020-28269Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28269
CVE-2020-28271Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28271
CVE-2020-7774The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7774
CVE-2020-17531A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-17531
CVE-2020-7788This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7788
CVE-2020-28448This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28448
CVE-2021-3177Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3177
CVE-2020-14343A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-14343
CVE-2020-28601A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28601
CVE-2020-28636A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28636
CVE-2020-35628A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-35628
CVE-2020-35636A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-35636
CVE-2021-26707The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26707
CVE-2021-23419This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23419
CVE-2021-3711In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3711
CVE-2021-23442This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23442
CVE-2021-23452This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23452
CVE-2021-21693When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21693
CVE-2021-3918json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3918
CVE-2021-38578Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38578
CVE-2022-1664Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1664
CVE-2022-31003Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31003
CVE-2022-26376A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26376
CVE-2022-27631A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27631
CVE-2022-2840The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2840
CVE-2022-36944Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36944
CVE-2022-21797The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21797
CVE-2022-42968Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-42968
CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37454
CVE-2022-3649A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3649
CVE-2021-26727Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26727
CVE-2021-26728Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26728
CVE-2021-26729Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26729
CVE-2021-26730A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26730
CVE-2021-26731Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26731
CVE-2021-46279Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46279
CVE-2022-43747baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-43747
CVE-2022-45063xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45063
CVE-2022-42058Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-42058
CVE-2022-4116A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4116
CVE-2022-41922`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41922
CVE-2022-41875A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41875
CVE-2022-41923Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: ``` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } ``` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41923
CVE-2022-45872iTerm2 before 3.4.18 mishandles a DECRQSS response.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45872
CVE-2022-4136Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4136
CVE-2022-2650Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2650
CVE-2022-41705Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41705
CVE-2022-41157A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41157
CVE-2022-41158Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41158
CVE-2022-44843TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44843
CVE-2022-44844TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44844
CVE-2022-45908In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45908
CVE-2022-45933KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45933
CVE-2022-3603The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3603
CVE-2022-41912The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41912
CVE-2022-44283AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44283
CVE-2022-44399Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44399
CVE-2022-42109Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-42109
CVE-2022-44038Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44038
CVE-2022-44354SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44354
CVE-2022-3751SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3751
CVE-2022-44096Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44096
CVE-2022-44097Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44097
CVE-2022-4222A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4222
CVE-2022-4229A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4229
CVE-2022-4232A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4232
CVE-2022-44136Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44136
CVE-2022-44151Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44151
CVE-2022-46162discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46162
CVE-2022-44262ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44262
CVE-2022-36431An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36431
CVE-2022-4247A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4247
CVE-2022-4248A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4248
CVE-2022-4221Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4221
CVE-2022-1471SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1471
CVE-2022-3270In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3270
CVE-2022-30528SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-30528
CVE-2022-37016Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37016
CVE-2022-4257A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4257
CVE-2022-43333Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-43333
CVE-2022-43325An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-43325
CVE-2022-44928D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44928
CVE-2022-44929An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44929
CVE-2022-44930D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44930
CVE-2022-2807Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2807
CVE-2022-45482Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45482
CVE-2022-44362Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44362
CVE-2022-44363Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44363
CVE-2022-44365Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44365
CVE-2022-44366Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44366
CVE-2022-44367Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44367
CVE-2022-46145authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46145
CVE-2022-3520Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3520
CVE-2022-2641Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2641
CVE-2022-44290webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44290
CVE-2022-44291webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44291
CVE-2022-44945Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44945
CVE-2022-4272A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4272
CVE-2022-4273A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4273
CVE-2022-3491Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3491
CVE-2022-4274A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4274
CVE-2022-4275A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4275
CVE-2022-4276A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4276
CVE-2022-4277A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-4277
CVE-2022-46414An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46414
CVE-2022-41642OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41642
CVE-2022-42496OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-42496
CVE-2022-45822Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45822
CVE-2022-45046The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45046
CVE-2022-45313Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45313
CVE-2022-45315Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45315
CVE-2022-46169Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46169
CVE-2022-40259AMI MegaRAC Redfish Arbitrary Code Execution9.8https://nvd.nist.gov/vuln/detail/CVE-2022-40259
CVE-2022-41924A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-41924
CVE-2018-1115postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.9.1https://nvd.nist.gov/vuln/detail/CVE-2018-1115
CVE-2019-6522Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.9.1https://nvd.nist.gov/vuln/detail/CVE-2019-6522
CVE-2019-3935Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows.9.1https://nvd.nist.gov/vuln/detail/CVE-2019-3935
CVE-2019-6837A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.9.1https://nvd.nist.gov/vuln/detail/CVE-2019-6837
CVE-2021-23926The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-23926
CVE-2020-36242In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-36242
CVE-2021-27582org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-27582
CVE-2022-28805singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-28805
CVE-2022-36133The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-36133
CVE-2022-45152A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-45152
CVE-2022-45909drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-45909
CVE-2022-43705In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).9.1https://nvd.nist.gov/vuln/detail/CVE-2022-43705

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2017-6891Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-6891
CVE-2018-11490The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-11490
CVE-2018-11135The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-11135
CVE-2018-3853An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3853
CVE-2018-3893An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3893
CVE-2018-3895An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3895
CVE-2018-3896An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3896
CVE-2018-3897An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3897
CVE-2018-3894An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3894
CVE-2018-19296PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-19296
CVE-2019-3906Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-3906
CVE-2019-6561Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-6561
CVE-2019-3919The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-3919
CVE-2019-3920The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-3920
CVE-2019-9057An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-9057
CVE-2019-9061An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-9061
CVE-2019-7230The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7230
CVE-2019-7232The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7232
CVE-2019-4224IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-4224
CVE-2019-7228The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7228
CVE-2019-7226The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7226
CVE-2019-4212IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-4212
CVE-2019-17316SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-17316
CVE-2019-10808utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-10808
CVE-2020-15901In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15901
CVE-2020-27386An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27386
CVE-2020-12351Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-12351
CVE-2020-35576A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35576
CVE-2020-9492In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-9492
CVE-2020-36388In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-36388
CVE-2020-35633A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35633
CVE-2020-35634A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35634
CVE-2020-35635A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35635
CVE-2022-1050A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1050
CVE-2021-21944Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the first 12 bits from local variable.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21944
CVE-2021-21945Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the second 12 bits from local variable.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21945
CVE-2021-21946Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is lower than 9.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21946
CVE-2021-21947Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is greater or equal than 9.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21947
CVE-2022-29281Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).8.8https://nvd.nist.gov/vuln/detail/CVE-2022-29281
CVE-2020-28602Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28602
CVE-2020-28603Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28603
CVE-2020-28604Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28604
CVE-2020-28605Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28605
CVE-2020-28606Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28606
CVE-2020-28607Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28607
CVE-2020-28608Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28608
CVE-2020-28609Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28609
CVE-2020-28610Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28610
CVE-2020-28611Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28611
CVE-2020-28612Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28612
CVE-2020-28613Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28613
CVE-2020-28614Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28614
CVE-2020-28615Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28615
CVE-2020-28616Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28616
CVE-2020-28617Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28617
CVE-2020-28618Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28618
CVE-2020-28619Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28619
CVE-2020-28620Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28620
CVE-2020-28621Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28621
CVE-2020-28622Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28622
CVE-2020-28623Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28623
CVE-2020-28624Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28624
CVE-2020-28625Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28625
CVE-2020-28626Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28626
CVE-2020-28627Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28627
CVE-2020-28628Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28628
CVE-2020-28629Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28629
CVE-2020-28630Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28630
CVE-2020-28631Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28631
CVE-2020-28632Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28632
CVE-2020-28633Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28633
CVE-2020-28634Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28634
CVE-2020-28635Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28635
CVE-2020-35629Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35629
CVE-2020-35630Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35630
CVE-2020-35631Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle().8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35631
CVE-2020-35632Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35632
CVE-2021-44519In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-44519
CVE-2021-24957The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24957
CVE-2021-25642ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-25642
CVE-2022-38139Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38139
CVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-41040
CVE-2022-41082Microsoft Exchange Server Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-41082
CVE-2022-38045Server Service Remote Protocol Elevation of Privilege Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38045
CVE-2022-3370Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3370
CVE-2022-3373Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3373
CVE-2022-42787Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be successful a user interaction is required.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42787
CVE-2022-3861The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3861
CVE-2022-39066There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-39066
CVE-2022-23740CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23740
CVE-2021-43258CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43258
CVE-2022-41925A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-41925
CVE-2022-41928XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e238.8https://nvd.nist.gov/vuln/detail/CVE-2022-41928
CVE-2022-41931xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-41931
CVE-2022-41934XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-41934
CVE-2022-40282The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40282
CVE-2022-23044Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23044
CVE-2022-45475Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45475
CVE-2022-45476Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45476
CVE-2022-3768The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3768
CVE-2022-3769The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3769
CVE-2022-3848The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3848
CVE-2022-3849The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3849
CVE-2022-3865The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3865
CVE-2022-31877An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-31877
CVE-2022-34654Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34654
CVE-2022-38140Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38140
CVE-2022-45442Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45442
CVE-2022-44037An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-44037
CVE-2022-40799Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40799
CVE-2022-4202A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4202
CVE-2022-46146Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46146
CVE-2022-44635Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-44635
CVE-2022-46152OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46152
CVE-2022-36960SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36960
CVE-2022-36964SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36964
CVE-2022-4174Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4174
CVE-2022-4175Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4175
CVE-2022-4176Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4176
CVE-2022-4177Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4177
CVE-2022-4178Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4178
CVE-2022-4179Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4179
CVE-2022-4180Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4180
CVE-2022-4181Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4181
CVE-2022-4190Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4190
CVE-2022-4191Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4191
CVE-2022-4192Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4192
CVE-2022-4193Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4193
CVE-2022-4194Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4194
CVE-2022-26366Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26366
CVE-2021-4242A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4242
CVE-2022-40489ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40489
CVE-2022-45045Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45045
CVE-2022-3713A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3713
CVE-2022-35120IXPdata EasyInstall 6.6.14725 contains an access control issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35120
CVE-2022-45562Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45562
CVE-2022-2808Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2808
CVE-2022-46167Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46167
CVE-2022-4262Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4262
CVE-2022-46410An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46410
CVE-2022-46411An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46411
CVE-2022-46412An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46412
CVE-2022-46413An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46413
CVE-2022-4281A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4281
CVE-2022-45771An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45771
CVE-2022-45020Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45020
CVE-2022-41412An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.8.6https://nvd.nist.gov/vuln/detail/CVE-2022-41412
CVE-2022-3709A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.8.4https://nvd.nist.gov/vuln/detail/CVE-2022-3709
CVE-2019-4433IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890.8.2https://nvd.nist.gov/vuln/detail/CVE-2019-4433
CVE-2019-4340IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419.8.2https://nvd.nist.gov/vuln/detail/CVE-2019-4340
CVE-2019-4424IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.8.2https://nvd.nist.gov/vuln/detail/CVE-2019-4424
CVE-2019-4513IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.8.2https://nvd.nist.gov/vuln/detail/CVE-2019-4513
CVE-2020-14723Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).8.2https://nvd.nist.gov/vuln/detail/CVE-2020-14723
CVE-2022-36337An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-36337
CVE-2022-41930org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-41930
CVE-2022-41706Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-41706
CVE-2022-4020Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-4020
CVE-2019-5456SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-5456
CVE-2020-7644fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-7644
CVE-2020-16602Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\\Razer Chroma\\SDK\\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-16602
CVE-2020-7748This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-7748
CVE-2020-28460This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-28460
CVE-2021-42387Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-42387
CVE-2021-25745A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-25745
CVE-2022-29248Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-29248
CVE-2021-4228Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-4228
CVE-2022-3589An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users data by modifying a small part of a HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-3589
CVE-2022-4030The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-4030
CVE-2022-38336An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-38336
CVE-2022-31197PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.8https://nvd.nist.gov/vuln/detail/CVE-2022-31197
CVE-2022-2625A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.8https://nvd.nist.gov/vuln/detail/CVE-2022-2625
CVE-2022-41675A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.8https://nvd.nist.gov/vuln/detail/CVE-2022-41675
CVE-2019-6555Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-6555
CVE-2019-4015IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-4015
CVE-2019-4016IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-4016
CVE-2019-4014IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-4014
CVE-2019-3938Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-3938
CVE-2019-6546GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-6546
CVE-2019-4241IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-4241
CVE-2019-4415IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-4415
CVE-2019-4447IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-4447
CVE-2019-4448IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-4448
CVE-2019-18897A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-18897
CVE-2020-15852An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-15852
CVE-2020-15861Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-15861
CVE-2020-1319A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-1319
CVE-2020-24889A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24889
CVE-2021-26720avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26720
CVE-2021-22015The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-22015
CVE-2022-0554Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0554
CVE-2022-0629Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0629
CVE-2021-44731A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.17.8https://nvd.nist.gov/vuln/detail/CVE-2021-44731
CVE-2021-26252A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26252
CVE-2021-26259A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26259
CVE-2021-26948Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26948
CVE-2022-0330A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0330
CVE-2022-1619Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1619
CVE-2022-23743Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\\CheckPoint\\ZoneAlarm\\Data\\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.1921197.8https://nvd.nist.gov/vuln/detail/CVE-2022-23743
CVE-2022-1679A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1679
CVE-2022-1897Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1897
CVE-2021-23177An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-23177
CVE-2021-31566An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31566
CVE-2022-2319A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2319
CVE-2022-2320A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2320
CVE-2022-33890A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33890
CVE-2022-41032NuGet Client Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41032
CVE-2022-20421In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20421
CVE-2022-31123Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31123
CVE-2022-41751Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41751
CVE-2022-41741NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41741
CVE-2022-43750drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43750
CVE-2022-41973multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41973
CVE-2022-41974multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41974
CVE-2022-32924The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32924
CVE-2022-42801A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42801
CVE-2021-34055jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34055
CVE-2022-40284A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40284
CVE-2022-42919Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42919
CVE-2022-41395Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41395
CVE-2022-41396Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41396
CVE-2022-35407An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35407
CVE-2022-40304An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40304
CVE-2022-45868The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45868
CVE-2022-4141Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4141
CVE-2022-41958super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41958
CVE-2022-41156Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41156
CVE-2022-45934An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45934
CVE-2022-45939GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45939
CVE-2022-3088UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1 UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3088
CVE-2022-45202GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45202
CVE-2022-45343GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45343
CVE-2022-21126The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21126
CVE-2022-4034The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4034
CVE-2022-45332LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45332
CVE-2022-29837A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-29837
CVE-2022-42718Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42718
CVE-2022-3591Use After Free in GitHub repository vim/vim prior to 9.0.0789.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-3591
CVE-2022-23465SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23465
CVE-2022-43484TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43484
CVE-2022-4292Use After Free in GitHub repository vim/vim prior to 9.0.0882.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4292
CVE-2022-45283GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45283
CVE-2022-31091Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.7.7https://nvd.nist.gov/vuln/detail/CVE-2022-31091
CVE-2022-3086An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.7.6https://nvd.nist.gov/vuln/detail/CVE-2022-3086
CVE-2018-3852An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3852
CVE-2018-16472A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-16472
CVE-2019-3908Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-3908
CVE-2019-4046IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-4046
CVE-2019-11810An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-11810
CVE-2019-4235IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-4235
CVE-2019-4430IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-4430
CVE-2019-10171It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10171
CVE-2019-10745assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10745
CVE-2019-4460IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-4460
CVE-2019-4338IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-4338
CVE-2019-4321IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-4321
CVE-2019-6811An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-6811
CVE-2019-16328In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-16328
CVE-2019-10222A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10222
CVE-2019-10768In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10768
CVE-2020-15503LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15503
CVE-2020-3481A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-3481
CVE-2020-13101In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13101
CVE-2020-14198Bitcoin Core 0.20.0 allows remote denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14198
CVE-2020-25247An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-25247
CVE-2019-17566Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-17566
CVE-2020-15783A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15783
CVE-2020-28268Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-28268
CVE-2020-28367Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-28367
CVE-2020-35896An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-35896
CVE-2020-28491This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-28491
CVE-2021-21300Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-21300
CVE-2021-29421models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29421
CVE-2020-24939Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24939
CVE-2021-4091A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4091
CVE-2021-32476A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32476
CVE-2022-24793PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24793
CVE-2022-24792PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24792
CVE-2022-29218RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29218
CVE-2022-31042Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31042
CVE-2022-31043Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31043
CVE-2022-32081MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32081
CVE-2022-32082MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32082
CVE-2022-32084MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32084
CVE-2022-32089MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32089
CVE-2022-32091MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32091
CVE-2021-46828In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46828
CVE-2022-31198OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31198
CVE-2022-31779Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31779
CVE-2021-3859A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3859
CVE-2022-37797In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37797
CVE-2022-2906An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2906
CVE-2022-38178By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38178
CVE-2022-3080By sending specific queries to the resolver, an attacker can cause named to crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3080
CVE-2022-39251Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39251
CVE-2022-39173In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39173
CVE-2022-39250Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39250
CVE-2022-42003In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.17.5https://nvd.nist.gov/vuln/detail/CVE-2022-42003
CVE-2022-42004In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-42004
CVE-2022-41556A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41556
CVE-2022-39282FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39282
CVE-2022-39283FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39283
CVE-2022-42227jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-42227
CVE-2021-26733A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-26733
CVE-2021-44467A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44467
CVE-2021-44769An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44769
CVE-2022-43680In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43680
CVE-2022-3725Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3725
CVE-2022-25892The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25892
CVE-2022-45059An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45059
CVE-2022-45060An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45060
CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45061
CVE-2022-42965An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method7.5https://nvd.nist.gov/vuln/detail/CVE-2022-42965
CVE-2022-42060Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-42060
CVE-2022-37301A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37301
CVE-2022-0222A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0222
CVE-2022-44748A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-44748
CVE-2022-40977A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-40977
CVE-2022-26885When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26885
CVE-2022-38166In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38166
CVE-2022-38767An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38767
CVE-2022-45930A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45930
CVE-2022-45931A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45931
CVE-2022-45932A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45932
CVE-2022-38900decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38900
CVE-2022-41957Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sources. If using hummus, replace the package with muhammara.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41957
CVE-2022-45921FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45921
CVE-2022-24187The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24187
CVE-2022-24188The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24188
CVE-2022-24190The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24190
CVE-2022-41568LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41568
CVE-2022-43326An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43326
CVE-2022-45329AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45329
CVE-2022-25848This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25848
CVE-2022-44356WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-44356
CVE-2022-40265Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-40265
CVE-2022-45337Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45337
CVE-2022-4228A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4228
CVE-2022-23746The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23746
CVE-2022-45640Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45640
CVE-2022-4246A vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214623.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4246
CVE-2022-28607An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28607
CVE-2022-37017Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37017
CVE-2022-43272DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-43272
CVE-2022-45641Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45641
CVE-2022-45643Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45643
CVE-2022-45644Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45644
CVE-2022-45645Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45645
CVE-2022-45646Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45646
CVE-2022-45647Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45647
CVE-2022-45648Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45648
CVE-2022-45649Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45649
CVE-2022-45650Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45650
CVE-2022-45651Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45651
CVE-2022-45652Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45652
CVE-2022-45653Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45653
CVE-2022-45654Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45654
CVE-2022-45655Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45655
CVE-2022-45656Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45656
CVE-2022-45657Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45657
CVE-2022-45658Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45658
CVE-2022-45659Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45659
CVE-2022-45660Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45660
CVE-2022-45661Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45661
CVE-2022-45663Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45663
CVE-2022-45664Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45664
CVE-2022-45669Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45669
CVE-2022-45670Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45670
CVE-2022-45671Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45671
CVE-2022-45672Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45672
CVE-2022-2640The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2640
CVE-2022-2642Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2642
CVE-2022-4280A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4280
CVE-2022-46405Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46405
CVE-2022-41777Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41777
CVE-2022-3694The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3694
CVE-2022-3846The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3846
CVE-2022-3907The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3907
CVE-2022-45019SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45019
CVE-2022-46464ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46464
CVE-2020-5913In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections.7.4https://nvd.nist.gov/vuln/detail/CVE-2020-5913
CVE-2020-25638A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.7.4https://nvd.nist.gov/vuln/detail/CVE-2020-25638
CVE-2021-3712ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).7.4https://nvd.nist.gov/vuln/detail/CVE-2021-3712
CVE-2022-41927XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ```7.4https://nvd.nist.gov/vuln/detail/CVE-2022-41927
CVE-2021-45036Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-45036
CVE-2022-44211In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings.7.4https://nvd.nist.gov/vuln/detail/CVE-2022-44211
CVE-2019-7227In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.7.3https://nvd.nist.gov/vuln/detail/CVE-2019-7227
CVE-2019-4227IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.7.3https://nvd.nist.gov/vuln/detail/CVE-2019-4227
CVE-2020-7720The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-7720
CVE-2022-43470Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-43470
CVE-2018-6195admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-6195
CVE-2018-19274Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-19274
CVE-2019-9058An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection.7.2https://nvd.nist.gov/vuln/detail/CVE-2019-9058
CVE-2019-17315SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.7.2https://nvd.nist.gov/vuln/detail/CVE-2019-17315
CVE-2019-17317SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.7.2https://nvd.nist.gov/vuln/detail/CVE-2019-17317
CVE-2020-7712This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-7712
CVE-2020-25042An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-25042
CVE-2020-7709This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-7709
CVE-2021-32807The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict access to Python modules and only exempt a few that are deemed safe, such as Python's `string` module. However, full access to the `string` module also allows access to the class `Formatter`, which can be overridden and extended within `Script (Python)` in a way that provides access to other unsafe Python libraries. Those unsafe Python libraries can be used for remote code execution. By default, you need to have the admin-level Zope "Manager" role to add or edit `Script (Python)` objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web - which would be a very unusual configuration to begin with - are at risk. The problem has been fixed in AccessControl 4.3 and 5.2. Only AccessControl versions 4 and 5 are vulnerable, and only on Python 3, not Python 2.7. As a workaround, a site administrator can restrict adding/editing `Script (Python)` objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32807
CVE-2021-32811Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope "Manager" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32811
CVE-2022-26151Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26151
CVE-2022-39265MyBB is a free and open source forum software. The _Mail Settings_ ? Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-39265
CVE-2022-43229Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-43229
CVE-2022-30529File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-30529
CVE-2022-39833FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-39833
CVE-2022-3490The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3490
CVE-2022-3689The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3689
CVE-2022-36962SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-36962
CVE-2022-3383The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3383
CVE-2022-3384The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and passes it through call_user_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3384
CVE-2022-45328Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-45328
CVE-2022-44294Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-44294
CVE-2022-44295Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-44295
CVE-2022-44296Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-44296
CVE-2022-3226An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3226
CVE-2022-3696A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3696
CVE-2022-44277Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-44277
CVE-2022-44345Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-44345
CVE-2022-44347Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-44347
CVE-2022-44348Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-44348
CVE-2022-4278A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-4278
CVE-2022-4282A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-4282
CVE-2022-1540The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-1540
CVE-2022-3249The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3249
CVE-2022-3856The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3856
CVE-2022-3858The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-3858
CVE-2018-3854An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.7.1https://nvd.nist.gov/vuln/detail/CVE-2018-3854
CVE-2019-4043IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239.7.1https://nvd.nist.gov/vuln/detail/CVE-2019-4043
CVE-2019-4456IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620.7.1https://nvd.nist.gov/vuln/detail/CVE-2019-4456
CVE-2020-14393A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-14393
CVE-2021-25746A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-25746
CVE-2022-43995Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-43995
CVE-2022-35507A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-35507
CVE-2022-20422In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel7https://nvd.nist.gov/vuln/detail/CVE-2022-20422
CVE-2022-3635A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-3635
CVE-2022-44749A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though.7https://nvd.nist.gov/vuln/detail/CVE-2022-44749
CVE-2019-5455Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.6.8https://nvd.nist.gov/vuln/detail/CVE-2019-5455
CVE-2021-3827A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-3827
CVE-2022-35897An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-35897
CVE-2022-38803Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF6.8https://nvd.nist.gov/vuln/detail/CVE-2022-38803
CVE-2019-4357When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,6.7https://nvd.nist.gov/vuln/detail/CVE-2019-4357
CVE-2022-2975A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-2975
CVE-2022-3859An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-3859
CVE-2022-32594In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32594
CVE-2022-32596In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32596
CVE-2022-32597In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32597
CVE-2022-32598In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32598
CVE-2022-32619In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32619
CVE-2022-32620In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32620
CVE-2022-32622In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32622
CVE-2022-32624In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32624
CVE-2022-32625In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32625
CVE-2022-32626In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32626
CVE-2022-32628In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32628
CVE-2022-32629In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32629
CVE-2022-32630In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32630
CVE-2022-32631In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32631
CVE-2022-32632In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID: ALPS07441630.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32632
CVE-2022-32633In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07441637.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32633
CVE-2022-32634In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID: ALPS07138646.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-32634
CVE-2019-6559Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-6559
CVE-2019-15133In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-15133
CVE-2019-14824A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-14824
CVE-2020-15652By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-15652
CVE-2020-8287Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-8287
CVE-2020-10005A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-10005
CVE-2022-2553The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2553
CVE-2022-35961OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35961
CVE-2021-3975A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3975
CVE-2022-39222Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-39222
CVE-2022-3551A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3551
CVE-2022-42311Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction6.5https://nvd.nist.gov/vuln/detail/CVE-2022-42311
CVE-2022-42317Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction6.5https://nvd.nist.gov/vuln/detail/CVE-2022-42317
CVE-2022-39067There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-39067
CVE-2022-41933XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the "Forgot your password" link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It's also possible for administrators to set some properties for the migration: it's possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won't be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-41933
CVE-2022-40266Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-40266
CVE-2022-41712Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-41712
CVE-2022-39346Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-39346
CVE-2022-3511The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3511
CVE-2022-44937Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-44937
CVE-2022-24189The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24189
CVE-2022-32966RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-32966
CVE-2022-4144An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-4144
CVE-2022-4172An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-4172
CVE-2021-31693VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-31693
CVE-2022-3747The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3747
CVE-2022-3898The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3898
CVE-2022-4187Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2022-4187
CVE-2022-46338g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-46338
CVE-2022-41297IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-41297
CVE-2022-43900IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-43900
CVE-2022-23737An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-23737
CVE-2022-41971Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-41971
CVE-2022-45673Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-45673
CVE-2022-45674Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-45674
CVE-2022-45667Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-45667
CVE-2022-45668Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-45668
CVE-2021-37533Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-37533
CVE-2022-35730Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35730
CVE-2022-41798Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-41798
CVE-2022-41807Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-41807
CVE-2022-45824Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-45824
CVE-2022-3677The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3677
CVE-2022-3926The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3926
CVE-2022-46155Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during Browserify builds due to being referenced in Airtable.js code. This only affects copies of Airtable.js built from its source, not those installed via npm or yarn. Airtable API keys set in users’ environments via the AIRTABLE_API_KEY environment variable may be bundled into local copies of Airtable.js source code if all of the following conditions are met: 1) the user has cloned the Airtable.js source onto their machine, 2) the user runs the `npm prepare` script, and 3) the user' has the AIRTABLE_API_KEY environment variable set. If these conditions are met, a user’s local build of Airtable.js would be modified to include the value of the AIRTABLE_API_KEY environment variable, which could then be accidentally shipped in the bundled code. Users who do not meet all three of these conditions are not impacted by this issue. Users should upgrade to Airtable.js version 0.11.6 or higher; or, as a workaround unset the AIRTABLE_API_KEY environment variable in their shell and/or remove it from your .bashrc, .zshrc, or other shell configuration files. Users should also regenerate any Airtable API keys they use, as the keysy may be present in bundled code.6.4https://nvd.nist.gov/vuln/detail/CVE-2022-46155
CVE-2022-32621In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829.6.4https://nvd.nist.gov/vuln/detail/CVE-2022-32621
CVE-2019-3876A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.6.3https://nvd.nist.gov/vuln/detail/CVE-2019-3876
CVE-2019-4536IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592.6.3https://nvd.nist.gov/vuln/detail/CVE-2019-4536
CVE-2019-4304IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.6.3https://nvd.nist.gov/vuln/detail/CVE-2019-4304
CVE-2020-10737A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.6.3https://nvd.nist.gov/vuln/detail/CVE-2020-10737
CVE-2021-3948An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.6.3https://nvd.nist.gov/vuln/detail/CVE-2021-3948
CVE-2022-38753This update resolves a multi-factor authentication bypass attack6.3https://nvd.nist.gov/vuln/detail/CVE-2022-38753
CVE-2022-22984The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.6.3https://nvd.nist.gov/vuln/detail/CVE-2022-22984
CVE-2019-4038IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.6.2https://nvd.nist.gov/vuln/detail/CVE-2019-4038
CVE-2022-38802Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF6.2https://nvd.nist.gov/vuln/detail/CVE-2022-38802
CVE-2019-3911Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-3911
CVE-2019-3912An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-3912
CVE-2019-4040IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-4040
CVE-2019-6565Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-6565
CVE-2019-3837It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-3837
CVE-2020-23835A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-23835
CVE-2020-23839A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-23839
CVE-2022-0235node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0235
CVE-2021-20315A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-20315
CVE-2022-25610Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-25610
CVE-2022-29548A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-29548
CVE-2022-32209# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).6.1https://nvd.nist.gov/vuln/detail/CVE-2022-32209
CVE-2022-42746CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-42746
CVE-2022-42747CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-42747
CVE-2022-42748CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-42748
CVE-2022-42749CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-42749
CVE-2022-4091A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4091
CVE-2022-0698Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0698
CVE-2022-39325BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-39325
CVE-2022-39333Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-39333
CVE-2022-45225Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-45225
CVE-2022-2311The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-2311
CVE-2022-3847The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack6.1https://nvd.nist.gov/vuln/detail/CVE-2022-3847
CVE-2022-41965Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-41965
CVE-2022-46147Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-46147
CVE-2022-45214A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-45214
CVE-2022-36433The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-36433
CVE-2022-44355SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-44355
CVE-2022-44279Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-44279
CVE-2022-3896The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-3896
CVE-2022-4032The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4032
CVE-2022-4035The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4035
CVE-2022-4233A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4233
CVE-2021-31740SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).6.1https://nvd.nist.gov/vuln/detail/CVE-2021-31740
CVE-2022-4234A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4234
CVE-2022-4249A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214626 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4249
CVE-2022-4250A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4250
CVE-2022-4252A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4252
CVE-2022-45050A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-45050
CVE-2022-4208The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4208
CVE-2022-4209The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4209
CVE-2022-4210The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4210
CVE-2022-4211The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4211
CVE-2022-4212The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4212
CVE-2022-4213The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4213
CVE-2022-4214The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4214
CVE-2022-4215The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4215
CVE-2022-4279A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4279
CVE-2022-46391AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-46391
CVE-2022-40968Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-40968
CVE-2022-43479Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-43479
CVE-2022-43487Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-43487
CVE-2022-43497Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .6.1https://nvd.nist.gov/vuln/detail/CVE-2022-43497
CVE-2022-43500Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .6.1https://nvd.nist.gov/vuln/detail/CVE-2022-43500
CVE-2022-45769A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-45769
CVE-2022-45990A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-45990
CVE-2020-14367A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.6https://nvd.nist.gov/vuln/detail/CVE-2020-14367
CVE-2020-15586Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.5.9https://nvd.nist.gov/vuln/detail/CVE-2020-15586
CVE-2020-13946In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.5.9https://nvd.nist.gov/vuln/detail/CVE-2020-13946
CVE-2022-44212In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-44212
CVE-2022-45480PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N5.9https://nvd.nist.gov/vuln/detail/CVE-2022-45480
CVE-2022-45483Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N5.9https://nvd.nist.gov/vuln/detail/CVE-2022-45483
CVE-2019-7231The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.5.7https://nvd.nist.gov/vuln/detail/CVE-2019-7231
CVE-2019-4425IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.5.7https://nvd.nist.gov/vuln/detail/CVE-2019-4425
CVE-2018-16868A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.5.6https://nvd.nist.gov/vuln/detail/CVE-2018-16868
CVE-2020-15366An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)5.6https://nvd.nist.gov/vuln/detail/CVE-2020-15366
CVE-2022-39384OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.5.6https://nvd.nist.gov/vuln/detail/CVE-2022-39384
CVE-2019-6547Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files.5.5https://nvd.nist.gov/vuln/detail/CVE-2019-6547
CVE-2019-4039IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.5.5https://nvd.nist.gov/vuln/detail/CVE-2019-4039
CVE-2019-19221In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.5.5https://nvd.nist.gov/vuln/detail/CVE-2019-19221
CVE-2020-14385A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-14385
CVE-2020-25598An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-25598
CVE-2020-13498An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-13498
CVE-2022-21704log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21704
CVE-2022-0382An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0382
CVE-2022-0714Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0714
CVE-2022-24823Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24823
CVE-2022-1623LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1623
CVE-2022-1674NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1674
CVE-2021-3995A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3995
CVE-2021-3996A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3996
CVE-2022-0171A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0171
CVE-2022-38791In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-38791
CVE-2022-35014Advancecomp v2.3 contains a segmentation fault.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35014
CVE-2022-35015Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35015
CVE-2022-35016Advancecomp v2.3 was discovered to contain a heap buffer overflow.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35016
CVE-2022-35017Advancecomp v2.3 was discovered to contain a heap buffer overflow.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35017
CVE-2022-35018Advancecomp v2.3 was discovered to contain a segmentation fault.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35018
CVE-2022-35019Advancecomp v2.3 was discovered to contain a segmentation fault.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35019
CVE-2022-35020Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35020
CVE-2022-39253Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-39253
CVE-2022-42310Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-42310
CVE-2022-3821An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-3821
CVE-2022-23824IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23824
CVE-2022-45146An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-45146
CVE-2022-2513A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2513
CVE-2022-41946pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-41946
CVE-2022-45873systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-45873
CVE-2022-40976A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-40976
CVE-2022-41926Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-41926
CVE-2022-43588A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43588
CVE-2022-43589A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43589
CVE-2022-43590A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43590
CVE-2022-41732IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-41732
CVE-2022-4104A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4104
CVE-2022-4127A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4127
CVE-2022-4128A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4128
CVE-2022-4129A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4129
CVE-2022-45204GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-45204
CVE-2022-45869A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-45869
CVE-2022-43901IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-43901
CVE-2022-4293Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4293
CVE-2017-2599Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).5.4https://nvd.nist.gov/vuln/detail/CVE-2017-2599
CVE-2019-4027IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4027
CVE-2019-4028IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4028
CVE-2019-4029IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4029
CVE-2019-4030IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4030
CVE-2019-4033IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4033
CVE-2019-6562In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-6562
CVE-2019-4011IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4011
CVE-2019-4403IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4403
CVE-2019-4158IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4158
CVE-2019-4249IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4249
CVE-2019-4237A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4237
CVE-2019-4297IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4297
CVE-2019-4211IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4211
CVE-2019-5457Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-5457
CVE-2019-4482IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-4482
CVE-2019-6835A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-6835
CVE-2020-13294In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-13294
CVE-2020-35509A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-35509
CVE-2022-3201Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)5.4https://nvd.nist.gov/vuln/detail/CVE-2022-3201
CVE-2022-37429Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37429
CVE-2022-37430Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37430
CVE-2022-38145Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38145
CVE-2022-37421Silverstripe silverstripe/cms through 4.11.0 allows XSS.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37421
CVE-2022-38147Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38147
CVE-2022-39331Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-39331
CVE-2022-39338user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-39338
CVE-2022-39332Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-39332
CVE-2022-44284Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44284
CVE-2022-41676Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-41676
CVE-2022-42099KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-42099
CVE-2022-42100KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-42100
CVE-2022-46148Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-46148
CVE-2022-3991The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-3991
CVE-2022-4027The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4027
CVE-2022-4028The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a profile signature that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4028
CVE-2022-4231A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4231
CVE-2022-38801In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38801
CVE-2022-46149Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-46149
CVE-2022-40849ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID).5.4https://nvd.nist.gov/vuln/detail/CVE-2022-40849
CVE-2022-4251A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4251
CVE-2022-4253A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4253
CVE-2022-45215A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-45215
CVE-2022-4271Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4271
CVE-2022-44944Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44944
CVE-2022-44946Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44946
CVE-2022-44947Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44947
CVE-2022-44948Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44948
CVE-2022-44949Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44949
CVE-2022-44950Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44950
CVE-2022-44951Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44951
CVE-2022-44952Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44952
CVE-2022-44953webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44953
CVE-2022-44954webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44954
CVE-2022-44955webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44955
CVE-2022-44956webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44956
CVE-2022-44957webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44957
CVE-2022-44959webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44959
CVE-2022-44960webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44960
CVE-2022-44961webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44961
CVE-2022-44962webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-44962
CVE-2022-43499Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-43499
CVE-2022-43097Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-43097
CVE-2021-34181Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-34181
CVE-2022-43706Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-43706
CVE-2018-3174Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).5.3https://nvd.nist.gov/vuln/detail/CVE-2018-3174
CVE-2019-4337IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-4337
CVE-2019-5444Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-5444
CVE-2019-4439IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-4439
CVE-2019-4437IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-4437
CVE-2019-4305IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-4305
CVE-2019-4246IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-4246
CVE-2020-7600querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-7600
CVE-2020-7637class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-7637
CVE-2020-7638confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-7638
CVE-2020-7639eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-7639
CVE-2020-7616express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-7616
CVE-2020-7618sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-7618
CVE-2020-14155libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-14155
CVE-2020-17507An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-17507
CVE-2022-35915OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-35915
CVE-2022-35916OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-35916
CVE-2022-41316HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-41316
CVE-2021-26732A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-26732
CVE-2021-44776A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-44776
CVE-2021-45925Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-45925
CVE-2022-45866qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-45866
CVE-2022-41932XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-41932
CVE-2022-45914The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-45914
CVE-2022-4169The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-4169
CVE-2022-4033The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-4033
CVE-2022-4036The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-4036
CVE-2022-1911Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-1911
CVE-2022-41968Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-41968
CVE-2022-41970Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-41970
CVE-2022-43504Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-43504
CVE-2019-3893In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.4.9https://nvd.nist.gov/vuln/detail/CVE-2019-3893
CVE-2021-37823OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-37823
CVE-2022-41929org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-41929
CVE-2022-4031The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-4031
CVE-2022-44721CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)4.9https://nvd.nist.gov/vuln/detail/CVE-2022-44721
CVE-2022-0485A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-0485
CVE-2022-42095Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-42095
CVE-2022-2983The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2983
CVE-2022-3601The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3601
CVE-2022-3610The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3610
CVE-2022-3822The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3822
CVE-2022-3823The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3823
CVE-2022-3824The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3824
CVE-2022-3828The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3828
CVE-2022-3831The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3831
CVE-2022-3833The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3833
CVE-2022-3834The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3834
CVE-2022-3839The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3839
CVE-2022-45221Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-45221
CVE-2022-45223Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-45223
CVE-2022-45224Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-45224
CVE-2022-36136ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-36136
CVE-2022-36137ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-36137
CVE-2022-3897The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3897
CVE-2022-4216The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-4216
CVE-2022-4217The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-4217
CVE-2022-41830Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-41830
CVE-2022-3426The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3426
CVE-2022-3830The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3830
CVE-2022-3837The Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3837
CVE-2022-3838The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3838
CVE-2022-3892The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3892
CVE-2022-3909The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-3909
CVE-2019-3901A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.4.7https://nvd.nist.gov/vuln/detail/CVE-2019-3901
CVE-2013-4235shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees4.7https://nvd.nist.gov/vuln/detail/CVE-2013-4235
CVE-2021-3521There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.4.7https://nvd.nist.gov/vuln/detail/CVE-2021-3521
CVE-2022-3303A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition4.7https://nvd.nist.gov/vuln/detail/CVE-2022-3303
CVE-2022-39334Nextcloud desktop is the desktop sync client for Nextcloud. Versions prior to 3.6.1 would incorrectly trust invalid TLS certificates. A Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this vulnerability.4.7https://nvd.nist.gov/vuln/detail/CVE-2022-39334
CVE-2022-4029The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This would be highly complex to exploit as it would require the attacker to set the cookie a cookie for the targeted user.4.7https://nvd.nist.gov/vuln/detail/CVE-2022-4029
CVE-2022-28386An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-28386
CVE-2022-43442Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-43442
CVE-2022-23467OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-23467
CVE-2018-3284Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2018-3284
CVE-2019-4236A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.4.4https://nvd.nist.gov/vuln/detail/CVE-2019-4236
CVE-2021-2372Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2021-2372
CVE-2019-4234IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.4.3https://nvd.nist.gov/vuln/detail/CVE-2019-4234
CVE-2019-4484IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.4.3https://nvd.nist.gov/vuln/detail/CVE-2019-4484
CVE-2019-4485IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.4.3https://nvd.nist.gov/vuln/detail/CVE-2019-4485
CVE-2019-4442IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.4.3https://nvd.nist.gov/vuln/detail/CVE-2019-4442
CVE-2019-10203PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.4.3https://nvd.nist.gov/vuln/detail/CVE-2019-10203
CVE-2019-10806vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.4.3https://nvd.nist.gov/vuln/detail/CVE-2019-10806
CVE-2020-36389In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-36389
CVE-2021-32472Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-32472
CVE-2022-4087A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4087
CVE-2022-41935XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-41935
CVE-2022-39339user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings).4.3https://nvd.nist.gov/vuln/detail/CVE-2022-39339
CVE-2021-25059The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-25059
CVE-2022-3850The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack4.3https://nvd.nist.gov/vuln/detail/CVE-2022-3850
CVE-2022-41921Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9.0.beta13, where a limit has been introduced. No known workarounds are available.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-41921
CVE-2022-41944Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-41944
CVE-2022-45301Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\\tools\\ruby31 and all files located in that folder.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-45301
CVE-2022-45304Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\\tools\\Cmder and all files located in that folder.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-45304
CVE-2022-45305Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\\Python311 and all files located in that folder.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-45305
CVE-2022-45306Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\\agent and all files located in that folder.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-45306
CVE-2022-45307Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\\tools\\php81 and all files located in that folder.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-45307
CVE-2022-46150Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-46150
CVE-2022-3361The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-3361
CVE-2022-3995The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-3995
CVE-2022-4182Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4182
CVE-2022-4183Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4183
CVE-2022-4184Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4184
CVE-2022-4185Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4185
CVE-2022-4186Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4186
CVE-2022-4188Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4188
CVE-2022-4189Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4189
CVE-2022-4195Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4195
CVE-2022-41413perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-41413
CVE-2022-1606Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-1606
CVE-2022-3711A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-3711
CVE-2022-46159Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-46159
CVE-2022-4218The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4218
CVE-2022-4219The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4219
CVE-2022-4220The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4220
CVE-2022-45842Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.3.7https://nvd.nist.gov/vuln/detail/CVE-2022-45842
CVE-2020-35501A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem3.4https://nvd.nist.gov/vuln/detail/CVE-2020-35501
CVE-2021-25463Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-25463
CVE-2022-41043Microsoft Office Information Disclosure Vulnerability.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41043
CVE-2022-3633A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-3633
CVE-2022-41954MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. Users unable to upgrade may set `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-41954
CVE-2022-46156The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-46156
CVE-2022-38377An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.2.7https://nvd.nist.gov/vuln/detail/CVE-2022-38377
CVE-2022-3710A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.2.7https://nvd.nist.gov/vuln/detail/CVE-2022-3710
CVE-2022-41969Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.2.7https://nvd.nist.gov/vuln/detail/CVE-2022-41969
CVE-2022-4270Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.2.6https://nvd.nist.gov/vuln/detail/CVE-2022-4270
CVE-2022-32967RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.2.1https://nvd.nist.gov/vuln/detail/CVE-2022-32967
CVE-2009-0855Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2009-0855
CVE-2009-0586Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2009-0586
CVE-2014-2589Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.https://nvd.nist.gov/vuln/detail/CVE-2014-2589
CVE-2015-6460Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.https://nvd.nist.gov/vuln/detail/CVE-2015-6460
CVE-2019-18265Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application.https://nvd.nist.gov/vuln/detail/CVE-2019-18265
CVE-2022-40204A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login.https://nvd.nist.gov/vuln/detail/CVE-2022-40204
CVE-2022-2969Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.https://nvd.nist.gov/vuln/detail/CVE-2022-2969
CVE-2022-35508Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.https://nvd.nist.gov/vuln/detail/CVE-2022-35508
CVE-2022-45477Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:Hhttps://nvd.nist.gov/vuln/detail/CVE-2022-45477
CVE-2022-45478Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:Nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45478
CVE-2022-4269A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.https://nvd.nist.gov/vuln/detail/CVE-2022-4269
CVE-2022-43515Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.https://nvd.nist.gov/vuln/detail/CVE-2022-43515
CVE-2022-43516A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)https://nvd.nist.gov/vuln/detail/CVE-2022-43516
CVE-2022-37325In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.https://nvd.nist.gov/vuln/detail/CVE-2022-37325
CVE-2022-37783All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework.https://nvd.nist.gov/vuln/detail/CVE-2022-37783
CVE-2022-42705A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.https://nvd.nist.gov/vuln/detail/CVE-2022-42705
CVE-2022-42706An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.https://nvd.nist.gov/vuln/detail/CVE-2022-42706
CVE-2022-44039Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). ¶¶ An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of "fopen" system function with the mode "wb" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password.https://nvd.nist.gov/vuln/detail/CVE-2022-44039
CVE-2022-45479PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:Hhttps://nvd.nist.gov/vuln/detail/CVE-2022-45479
CVE-2022-45481The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:Hhttps://nvd.nist.gov/vuln/detail/CVE-2022-45481
CVE-2022-46164NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.https://nvd.nist.gov/vuln/detail/CVE-2022-46164
CVE-2022-23143ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.https://nvd.nist.gov/vuln/detail/CVE-2022-23143
CVE-2022-27773A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-27773
CVE-2022-2827AMI MegaRAC User Enumeration Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2022-2827
CVE-2022-30122A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.https://nvd.nist.gov/vuln/detail/CVE-2022-30122
CVE-2022-30123A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.https://nvd.nist.gov/vuln/detail/CVE-2022-30123
CVE-2022-32221When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.https://nvd.nist.gov/vuln/detail/CVE-2022-32221
CVE-2022-32224A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.https://nvd.nist.gov/vuln/detail/CVE-2022-32224
CVE-2022-35254An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.https://nvd.nist.gov/vuln/detail/CVE-2022-35254
CVE-2022-35255A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.https://nvd.nist.gov/vuln/detail/CVE-2022-35255
CVE-2022-35256The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.https://nvd.nist.gov/vuln/detail/CVE-2022-35256
CVE-2022-35258An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.https://nvd.nist.gov/vuln/detail/CVE-2022-35258
CVE-2022-35259XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-35259
CVE-2022-35260curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.https://nvd.nist.gov/vuln/detail/CVE-2022-35260
CVE-2022-40242MegaRAC Default Credentials Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2022-40242
CVE-2022-43548A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.https://nvd.nist.gov/vuln/detail/CVE-2022-43548
CVE-2022-43549Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.https://nvd.nist.gov/vuln/detail/CVE-2022-43549
CVE-2022-43553A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.https://nvd.nist.gov/vuln/detail/CVE-2022-43553
CVE-2022-43556Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.https://nvd.nist.gov/vuln/detail/CVE-2022-43556
CVE-2022-43557The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.https://nvd.nist.gov/vuln/detail/CVE-2022-43557
CVE-2022-45912An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-45912
CVE-2021-39434A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.https://nvd.nist.gov/vuln/detail/CVE-2021-39434
CVE-2022-38337When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.https://nvd.nist.gov/vuln/detail/CVE-2022-38337
CVE-2022-40918Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368https://nvd.nist.gov/vuln/detail/CVE-2022-40918
CVE-2022-44009Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information.https://nvd.nist.gov/vuln/detail/CVE-2022-44009
CVE-2022-4173A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.https://nvd.nist.gov/vuln/detail/CVE-2022-4173
CVE-2022-46151Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy.https://nvd.nist.gov/vuln/detail/CVE-2022-46151
CVE-2022-34881Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.https://nvd.nist.gov/vuln/detail/CVE-2022-34881
CVE-2022-40603A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.https://nvd.nist.gov/vuln/detail/CVE-2022-40603
CVE-2022-24439All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.https://nvd.nist.gov/vuln/detail/CVE-2022-24439
CVE-2022-25912The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).https://nvd.nist.gov/vuln/detail/CVE-2022-25912
CVE-2022-39090In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39090
CVE-2022-39091In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39091
CVE-2022-39092In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39092
CVE-2022-39093In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39093
CVE-2022-39094In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39094
CVE-2022-39095In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39095
CVE-2022-39096In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39096
CVE-2022-39097In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39097
CVE-2022-39098In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39098
CVE-2022-39099In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39099
CVE-2022-39100In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39100
CVE-2022-39101In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39101
CVE-2022-39102In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-39102
CVE-2022-39106In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-39106
CVE-2022-39129In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-39129
CVE-2022-39130In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-39130
CVE-2022-39131In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-39131
CVE-2022-39132In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-39132
CVE-2022-39133In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-39133
CVE-2022-39134In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-39134
CVE-2022-42754In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-42754
CVE-2022-42755In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42755
CVE-2022-42756In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-42756
CVE-2022-42757In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42757
CVE-2022-42758In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42758
CVE-2022-42759In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42759
CVE-2022-42760In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42760
CVE-2022-42761In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42761
CVE-2022-42762In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42762
CVE-2022-42763In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42763
CVE-2022-42764In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42764
CVE-2022-42765In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42765
CVE-2022-42766In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-42766
CVE-2022-42767In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42767
CVE-2022-42768In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42768
CVE-2022-42769In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42769
CVE-2022-42770In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42770
CVE-2022-42771In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42771
CVE-2022-42772In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42772
CVE-2022-42773In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42773
CVE-2022-42774In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42774
CVE-2022-42775In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.https://nvd.nist.gov/vuln/detail/CVE-2022-42775
CVE-2022-42776In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-42776
CVE-2022-42777In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-42777
CVE-2022-42778In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-42778
CVE-2022-42779In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42779
CVE-2022-42780In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42780
CVE-2022-42781In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.https://nvd.nist.gov/vuln/detail/CVE-2022-42781
CVE-2022-42782In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-42782
CVE-2022-4296A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812.https://nvd.nist.gov/vuln/detail/CVE-2022-4296
CVE-2022-4300A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-4300
CVE-2020-6627The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.https://nvd.nist.gov/vuln/detail/CVE-2020-6627
CVE-2022-40209Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress.https://nvd.nist.gov/vuln/detail/CVE-2022-40209
CVE-2022-46383RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.https://nvd.nist.gov/vuln/detail/CVE-2022-46383
CVE-2022-38123Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38123
CVE-2022-41325An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.https://nvd.nist.gov/vuln/detail/CVE-2022-41325
CVE-2022-44289Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.https://nvd.nist.gov/vuln/detail/CVE-2022-44289
CVE-2022-46382RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.https://nvd.nist.gov/vuln/detail/CVE-2022-46382
CVE-2022-30305An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.https://nvd.nist.gov/vuln/detail/CVE-2022-30305
CVE-2022-33875An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.https://nvd.nist.gov/vuln/detail/CVE-2022-33875
CVE-2022-33876Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.https://nvd.nist.gov/vuln/detail/CVE-2022-33876
CVE-2022-35843An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.https://nvd.nist.gov/vuln/detail/CVE-2022-35843
CVE-2022-38379Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.https://nvd.nist.gov/vuln/detail/CVE-2022-38379
CVE-2022-40680A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.https://nvd.nist.gov/vuln/detail/CVE-2022-40680
CVE-2022-45326An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-45326
CVE-2022-23466teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed on version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-23466
CVE-2022-23470Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy's internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-23470
CVE-2022-23472Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-23472
CVE-2022-34361IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.https://nvd.nist.gov/vuln/detail/CVE-2022-34361
CVE-2022-41559The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.https://nvd.nist.gov/vuln/detail/CVE-2022-41559
CVE-2022-41560The Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.https://nvd.nist.gov/vuln/detail/CVE-2022-41560
CVE-2022-43369AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.https://nvd.nist.gov/vuln/detail/CVE-2022-43369
CVE-2022-43867IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.https://nvd.nist.gov/vuln/detail/CVE-2022-43867
CVE-2022-45548AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-45548
CVE-2022-46154Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-46154
CVE-2022-46161pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input.https://nvd.nist.gov/vuln/detail/CVE-2022-46161
CVE-2022-4147Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.https://nvd.nist.gov/vuln/detail/CVE-2022-4147
CVE-2022-23475daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in two parts 1) The CSRF vulnerability can be mitigated by making the daloRadius session cookie to samesite=Lax or by the implimentation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy.https://nvd.nist.gov/vuln/detail/CVE-2022-23475
CVE-2022-44900A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.https://nvd.nist.gov/vuln/detail/CVE-2022-44900
CVE-2022-46332The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.https://nvd.nist.gov/vuln/detail/CVE-2022-46332
CVE-2022-46333The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.https://nvd.nist.gov/vuln/detail/CVE-2022-46333
CVE-2022-42888Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.https://nvd.nist.gov/vuln/detail/CVE-2022-42888
CVE-2022-45359Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.https://nvd.nist.gov/vuln/detail/CVE-2022-45359
CVE-2022-45848Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress.https://nvd.nist.gov/vuln/detail/CVE-2022-45848
CVE-2022-41902TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.https://nvd.nist.gov/vuln/detail/CVE-2022-41902
CVE-2022-41910TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.https://nvd.nist.gov/vuln/detail/CVE-2022-41910
CVE-2022-45816Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.https://nvd.nist.gov/vuln/detail/CVE-2022-45816
CVE-2022-45829Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress.https://nvd.nist.gov/vuln/detail/CVE-2022-45829
CVE-2022-45833Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.https://nvd.nist.gov/vuln/detail/CVE-2022-45833
Tags
Bulletins Alerts & Advisories
Share