Published on 22 Feb 2023 | Updated on 22 Feb 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:
Severity | Definition |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2022-3643 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-3643 |
CVE-2019-16891 | Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16891 |
CVE-2020-3227 | A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3227 |
CVE-2020-35476 | A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35476 |
CVE-2021-34427 | In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34427 |
CVE-2021-44732 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44732 |
CVE-2022-34916 | Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34916 |
CVE-2022-3649 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3649 |
CVE-2022-44542 | lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44542 |
CVE-2022-46404 | A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46404 |
CVE-2021-39426 | An issue discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39426 |
CVE-2022-42837 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42837 |
CVE-2022-42842 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42842 |
CVE-2022-46631 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46631 |
CVE-2022-46634 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46634 |
CVE-2022-47377 | Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47377 |
CVE-2022-42529 | Product: Android. Versions: Android kernel. Android ID: A-235292841. References: N/A | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42529 |
CVE-2022-4566 | A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4566 |
CVE-2021-31650 | A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31650 |
CVE-2021-38241 | Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38241 |
CVE-2022-37832 | Mutiny 7.2.0-10788 suffers from Hardcoded root password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37832 |
CVE-2021-4246 | A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4246 |
CVE-2022-4592 | A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4592 |
CVE-2022-4594 | A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4594 |
CVE-2021-4248 | A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 is able to address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4248 |
CVE-2022-4606 | PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4606 |
CVE-2022-4607 | A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4607 |
CVE-2022-44456 | CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44456 |
CVE-2020-36619 | A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36619 |
CVE-2021-4259 | A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4259 |
CVE-2021-4261 | A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4261 |
CVE-2021-4262 | A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4262 |
CVE-2022-4050 | The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4050 |
CVE-2022-4063 | The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4063 |
CVE-2022-40434 | Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40434 |
CVE-2022-44108 | pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44108 |
CVE-2022-44109 | pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44109 |
CVE-2022-46538 | Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46538 |
CVE-2022-46316 | A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46316 |
CVE-2022-46319 | Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46319 |
CVE-2022-46320 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46320 |
CVE-2022-46323 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46323 |
CVE-2022-46324 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46324 |
CVE-2022-46325 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46325 |
CVE-2022-46326 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46326 |
CVE-2022-46327 | Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46327 |
CVE-2022-1887 | The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1887 |
CVE-2022-40004 | Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-40004 |
CVE-2021-22945 | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-22945 |
CVE-2022-35409 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35409 |
CVE-2022-38708 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38708 |
CVE-2022-44940 | Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-44940 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2016-6931 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-6931 |
CVE-2020-3118 | A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3118 |
CVE-2022-35823 | Microsoft SharePoint Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35823 |
CVE-2022-40955 | In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40955 |
CVE-2022-3640 | A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3640 |
CVE-2022-46340 | A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46340 |
CVE-2022-46341 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46341 |
CVE-2022-46342 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46342 |
CVE-2022-46343 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46343 |
CVE-2022-46344 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46344 |
CVE-2022-42856 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42856 |
CVE-2022-42861 | This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42861 |
CVE-2022-42863 | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42863 |
CVE-2022-42867 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42867 |
CVE-2022-46691 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46691 |
CVE-2022-46696 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46696 |
CVE-2022-46699 | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46699 |
CVE-2022-46700 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46700 |
CVE-2022-20607 | In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238914868. References: N/A | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20607 |
CVE-2022-20610 | In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-240462530. References: N/A | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20610 |
CVE-2022-25628 | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25628 |
CVE-2022-4564 | A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4564 |
CVE-2022-47208 | The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47208 |
CVE-2022-47209 | A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47209 |
CVE-2022-4584 | A vulnerability was found in Axiomatic Bento4. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4584 |
CVE-2022-47514 | An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47514 |
CVE-2022-4604 | A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4604 |
CVE-2022-43443 | Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, and WCR-1166DS firmware Ver. 1.34 and earlier allow a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43443 |
CVE-2022-42844 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-42844 |
CVE-2022-46403 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-46403 |
CVE-2022-29181 | Nokogiri is an open-source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29181 |
CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-37966 |
CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38023 |
CVE-2022-4567 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4567 |
CVE-2022-3565 | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3565 |
CVE-2018-8822 | Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8822 |
CVE-2019-3467 | Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-3467 |
CVE-2022-2938 | A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2938 |
CVE-2022-2978 | A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers the function security_inode_alloc to fail, followed by a call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2978 |
CVE-2022-3545 | A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3545 |
CVE-2022-43750 | drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43750 |
CVE-2022-40284 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40284 |
CVE-2022-23748 | mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23748 |
CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40304 |
CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45934 |
CVE-2022-43484 | TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43484 |
CVE-2022-4283 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4283 |
CVE-2022-32942 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32942 |
CVE-2022-42840 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42840 |
CVE-2022-42841 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42841 |
CVE-2022-42847 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42847 |
CVE-2022-42848 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42848 |
CVE-2022-42849 | An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42849 |
CVE-2022-42850 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42850 |
CVE-2022-46690 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46690 |
CVE-2022-46693 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46693 |
CVE-2022-46694 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46694 |
CVE-2022-46697 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46697 |
CVE-2022-46701 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46701 |
CVE-2022-45338 | An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45338 |
CVE-2022-20508 | In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-218679614 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20508 |
CVE-2022-20582 | In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-233645166. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20582 |
CVE-2022-20584 | In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238366009. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20584 |
CVE-2022-20585 | In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238716781. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20585 |
CVE-2022-20586 | In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238718854. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20586 |
CVE-2022-20587 | In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238720411. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20587 |
CVE-2022-20597 | In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243480506. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20597 |
CVE-2022-20598 | In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242357514. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20598 |
CVE-2022-20600 | In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239847859. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20600 |
CVE-2022-42531 | In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-231500967. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42531 |
CVE-2022-42534 | In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237838301. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42534 |
CVE-2022-42544 | In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224545390 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42544 |
CVE-2022-41992 | A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41992 |
CVE-2022-4563 | A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4563 |
CVE-2022-26582 | The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user-supplied commands, leading to arbitrary command execution as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26582 |
CVE-2022-23531 | GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially crafted local PyPI package. Running GuardDog against a specially crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23531 |
CVE-2022-47518 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47518 |
CVE-2022-47519 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47519 |
CVE-2022-47521 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47521 |
CVE-2022-38659 | In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38659 |
CVE-2022-44750 | IBM Domino is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44750 |
CVE-2022-44751 | IBM Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44751 |
CVE-2022-44752 | IBM Domino is susceptible to a stack-based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44752 |
CVE-2022-44753 | IBM Notes is susceptible to a stack-based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44753 |
CVE-2022-44754 | IBM Domino is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44754 |
CVE-2022-44755 | IBM Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44755 |
CVE-2022-43289 | Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43289 |
CVE-2021-33623 | The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33623 |
CVE-2020-36423 | An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36423 |
CVE-2020-36426 | An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36426 |
CVE-2020-36475 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36475 |
CVE-2020-36476 | An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36476 |
CVE-2020-36478 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36478 |
CVE-2021-43666 | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43666 |
CVE-2022-24836 | Nokogiri is an open-source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24836 |
CVE-2022-29153 | HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29153 |
CVE-2022-30634 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30634 |
CVE-2022-30630 | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30630 |
CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30631 |
CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30632 |
CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30633 |
CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30635 |
CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32189 |
CVE-2022-40023 | Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40023 |
CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32190 |
CVE-2022-40149 | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40149 |
CVE-2022-37972 | Microsoft Endpoint Configuration Manager Spoofing Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37972 |
CVE-2022-2879 | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2879 |
CVE-2022-2880 | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2880 |
CVE-2022-41715 | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41715 |
CVE-2022-3524 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3524 |
CVE-2022-3594 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3594 |
CVE-2022-3621 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3621 |
CVE-2022-35261 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_authorized_keys/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35261 |
CVE-2022-35262 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_xml_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35262 |
CVE-2022-35263 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35263 |
CVE-2022-35264 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_aaa_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35264 |
CVE-2022-35265 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_nodejs_app/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35265 |
CVE-2022-35266 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_firmware/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35266 |
CVE-2022-35267 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_https_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35267 |
CVE-2022-35268 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_sdk_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35268 |
CVE-2022-35269 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_e2c_json_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35269 |
CVE-2022-35270 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_wireguard_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35270 |
CVE-2022-35271 | A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_cert_file/` API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35271 |
CVE-2022-3705 | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3705 |
CVE-2022-42916 | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42916 |
CVE-2022-42252 | If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42252 |
CVE-2022-44556 | Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44556 |
CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45061 |
CVE-2022-3691 | The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3691 |
CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40303 |
CVE-2022-23491 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23491 |
CVE-2022-3109 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3109 |
CVE-2022-20601 | Product: Android. Versions: Android kernel. Android ID: A-204541506. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20601 |
CVE-2022-20602 | Product: Android. Versions: Android kernel. Android ID: A-211081867. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20602 |
CVE-2022-20605 | In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-231722405. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20605 |
CVE-2022-42524 | In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243401445. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42524 |
CVE-2022-42527 | In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-244448906. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42527 |
CVE-2022-46137 | AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46137 |
CVE-2022-4130 | A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4130 |
CVE-2022-46109 | Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46109 |
CVE-2022-4565 | A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4565 |
CVE-2022-2966 | Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. This issue affects DOPSoft: All Versions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2966 |
CVE-2022-3166 | Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to the webserver and closing it abruptly, which would cause a denial-of-service condition for the web server application on the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3166 |
CVE-2022-3157 | A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3157 |
CVE-2022-23488 | BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23488 |
CVE-2022-47515 | An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47515 |
CVE-2022-47516 | An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47516 |
CVE-2022-47517 | An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47517 |
CVE-2021-4247 | A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4247 |
CVE-2021-4249 | A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4249 |
CVE-2016-20018 | Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-20018 |
CVE-2022-32749 | Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32749 |
CVE-2022-4061 | The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4061 |
CVE-2022-4106 | The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4106 |
CVE-2022-43883 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43883 |
CVE-2022-45041 | SQL Injection exists in xinhu < 2.5.0 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45041 |
CVE-2022-3752 | An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3752 |
CVE-2022-46399 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46399 |
CVE-2022-45665 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45665 |
CVE-2022-45666 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45666 |
CVE-2022-46530 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46530 |
CVE-2022-46531 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46531 |
CVE-2022-46532 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46532 |
CVE-2022-46533 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeed parameter at /goform/SetClientState. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46533 |
CVE-2022-46534 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46534 |
CVE-2022-46535 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46535 |
CVE-2022-46536 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46536 |
CVE-2022-46537 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security parameter at /goform/WifiBasicSet. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46537 |
CVE-2022-46539 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security_5g parameter at /goform/WifiBasicSet. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46539 |
CVE-2022-46540 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46540 |
CVE-2022-46541 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46541 |
CVE-2022-46542 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46542 |
CVE-2022-46543 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mitInterface parameter at /goform/addressNat. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46543 |
CVE-2022-46544 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46544 |
CVE-2022-46545 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46545 |
CVE-2022-46546 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46546 |
CVE-2022-46547 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46547 |
CVE-2022-46548 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46548 |
CVE-2022-46549 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46549 |
CVE-2022-46550 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46550 |
CVE-2022-46551 | Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46551 |
CVE-2022-38391 | IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38391 |
CVE-2022-41596 | The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41596 |
CVE-2022-41599 | The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41599 |
CVE-2022-46310 | The TelephonyProvider module has a vulnerability in obtaining values. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46310 |
CVE-2022-46311 | The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46311 |
CVE-2022-46312 | The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46312 |
CVE-2022-46314 | The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46314 |
CVE-2022-46315 | The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46315 |
CVE-2022-46317 | The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46317 |
CVE-2022-46321 | The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46321 |
CVE-2022-46322 | Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46322 |
CVE-2022-46328 | Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46328 |
CVE-2022-22184 | An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22184 |
CVE-2022-46908 | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-46908 |
CVE-2019-15692 | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-15692 |
CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-37967 |
CVE-2022-42845 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 7.2 |