Security Bulletin 28 Dec 2022

Published on 28 Dec 2022

Updated on 28 Dec 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2022-3643 Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux-based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtreme II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating the above-mentioned assumption to the networking core, resulting in said misbehavior. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-3643
CVE-2019-16891 Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16891
CVE-2020-3227 A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3227
CVE-2020-35476 A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35476
CVE-2021-34427 In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34427
CVE-2021-44732 Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44732
CVE-2022-34916 Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34916
CVE-2022-3649 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3649
CVE-2022-44542 lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44542
CVE-2022-46404 A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46404
CVE-2021-39426 An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 that allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39426
CVE-2022-42837 An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42837
CVE-2022-42842 The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42842
CVE-2022-46631 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46631
CVE-2022-46634 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46634
CVE-2022-47377 Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-47377
CVE-2022-42529 Product: Android. Versions: Android kernel. Android ID: A-235292841. References: N/A. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42529
CVE-2022-4566 A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4566
CVE-2021-31650 A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31650
CVE-2021-38241 Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38241
CVE-2022-37832 Mutiny 7.2.0-10788 suffers from a hardcoded root password. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37832
CVE-2021-4246 A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4246
CVE-2022-4592 A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4592
CVE-2022-4594 A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4594
CVE-2021-4248 A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 is able to address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4248
CVE-2022-4606 PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4606
CVE-2022-4607 A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4607
CVE-2022-44456 CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44456
CVE-2020-36619 A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36619
CVE-2021-4259 A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4259
CVE-2021-4261 A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4261
CVE-2021-4262 A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4262
CVE-2022-4050 The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4050
CVE-2022-4063 The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4063
CVE-2022-40434 Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40434
CVE-2022-44108 pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44108
CVE-2022-44109 pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44109
CVE-2022-46538 Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46538
CVE-2022-46316 A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46316
CVE-2022-46319 Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46319
CVE-2022-46320 The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46320
CVE-2022-46323 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46323
CVE-2022-46324 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46324
CVE-2022-46325 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46325
CVE-2022-46326 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46326
CVE-2022-46327 Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46327
CVE-2022-1887 The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1887
CVE-2022-40004 Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-40004
CVE-2021-22945 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22945
CVE-2022-35409 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35409
CVE-2022-38708 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38708
CVE-2022-44940 Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-44940

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2016-6931 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2016-6931
CVE-2020-3118 A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3118
CVE-2022-35823 Microsoft SharePoint Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35823
CVE-2022-40955 In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40955
CVE-2022-3640 A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3640
CVE-2022-46340 A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46340
CVE-2022-46341 A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46341
CVE-2022-46342 A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46342
CVE-2022-46343 A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46343
CVE-2022-46344 A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46344
CVE-2022-42856 A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42856
CVE-2022-42861 This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42861
CVE-2022-42863 A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42863
CVE-2022-42867 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42867
CVE-2022-46691 A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46691
CVE-2022-46696 A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46696
CVE-2022-46699 A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46699
CVE-2022-46700 A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46700
CVE-2022-20607 In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238914868. References: N/A. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20607
CVE-2022-20610 In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-240462530. References: N/A. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20610
CVE-2022-25628 An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25628
CVE-2022-4564 A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4564
CVE-2022-47208 The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-47208
CVE-2022-47209 A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-47209
CVE-2022-4584 A vulnerability was found in Axiomatic Bento4. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4584
CVE-2022-47514 An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-47514
CVE-2022-4604 A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4604
CVE-2022-43443 Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, and WCR-1166DS firmware Ver. 1.34 and earlier allow a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43443
CVE-2022-42844 The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-42844
CVE-2022-46403 The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-46403
CVE-2022-29181 Nokogiri is an open-source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-29181
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-37966
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38023
CVE-2022-4567 Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-4567
CVE-2022-3565 A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-3565
CVE-2018-8822 Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-8822
CVE-2019-3467 Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-3467
CVE-2022-2938 A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2938
CVE-2022-2978 A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers the function security_inode_alloc to fail, with a following call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2978
CVE-2022-3545 A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3545
CVE-2022-43750 drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43750
CVE-2022-40284 A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40284
CVE-2022-23748 mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23748
CVE-2022-40304 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40304
CVE-2022-45934 An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-45934
CVE-2022-43484 TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43484
CVE-2022-4283 A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4283
CVE-2022-32942 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32942
CVE-2022-42840 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42840
CVE-2022-42841 A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42841
CVE-2022-42847 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42847
CVE-2022-42848 A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42848
CVE-2022-42849 An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42849
CVE-2022-42850 The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42850
CVE-2022-46690 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46690
CVE-2022-46693 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46693
CVE-2022-46694 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46694
CVE-2022-46697 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46697
CVE-2022-46701 The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46701
CVE-2022-45338 An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-45338
CVE-2022-20508 In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-218679614. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20508
CVE-2022-20582 In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-233645166. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20582
CVE-2022-20584 In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238366009. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20584
CVE-2022-20585 In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238716781. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20585
CVE-2022-20586 In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238718854. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20586
CVE-2022-20587 In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238720411. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20587
CVE-2022-20597 In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243480506. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20597
CVE-2022-20598 In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242357514. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20598
CVE-2022-20600 In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239847859. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20600
CVE-2022-42531 In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-231500967. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42531
CVE-2022-42534 In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237838301. References: N/A. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42534
CVE-2022-42544 In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224545390. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42544
CVE-2022-41992 A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41992
CVE-2022-4563 A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-4563
CVE-2022-26582 The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to arbitrary command execution as root. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26582
CVE-2022-23531 GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially crafted local PyPI package. Running GuardDog against a specially crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23531
CVE-2022-47518 An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-47518
CVE-2022-47519 An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-47519
CVE-2022-47521 An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-47521
CVE-2022-38659 In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38659
CVE-2022-44750 IBM Domino is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44750
CVE-2022-44751 IBM Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44751
CVE-2022-44752 IBM Domino is susceptible to a stack-based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44752
CVE-2022-44753 IBM Notes is susceptible to a stack-based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44753
CVE-2022-44754 IBM Domino is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44754
CVE-2022-44755 IBM Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44755
CVE-2022-43289 Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43289
CVE-2021-33623 The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33623
CVE-2020-36423 An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36423
CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36426
CVE-2020-36475 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36475
CVE-2020-36476 An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36476
CVE-2020-36478 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36478
CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43666
CVE-2022-24836 Nokogiri is an open-source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24836
CVE-2022-29153 HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29153
CVE-2022-30634 Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30634
CVE-2022-30630 Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30630
CVE-2022-30631 Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30631
CVE-2022-30632 Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30632
CVE-2022-30633 Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30633
CVE-2022-30635 Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30635
CVE-2022-32189 A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32189
CVE-2022-40023 Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40023
CVE-2022-32190 JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32190
CVE-2022-40149 Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40149
CVE-2022-37972 Microsoft Endpoint Configuration Manager Spoofing Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37972
CVE-2022-2879 Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2879
CVE-2022-2880 Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2880
CVE-2022-41715 Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41715
CVE-2022-3524 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3524
CVE-2022-3594 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3594
CVE-2022-3621 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3621
CVE-2022-35261 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_authorized_keys/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35261
CVE-2022-35262 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_xml_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35262
CVE-2022-35263 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35263
CVE-2022-35264 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_aaa_cert_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35264
CVE-2022-35265 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_nodejs_app/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35265
CVE-2022-35266 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_firmware/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35266
CVE-2022-35267 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_https_cert_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35267
CVE-2022-35268 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_sdk_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35268
CVE-2022-35269 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_e2c_json_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35269
CVE-2022-35270 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_wireguard_cert_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35270
CVE-2022-35271 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_cert_file/` API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35271
CVE-2022-3705 A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3705
CVE-2022-42916 In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
CVE-2022-42252 If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42252
CVE-2022-44556 Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44556
CVE-2022-45061 An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-45061
CVE-2022-3691 The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3691
CVE-2022-40303 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40303
CVE-2022-23491 Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23491
CVE-2022-3109 An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3109
CVE-2022-20601 Product: Android. Versions: Android kernel. Android ID: A-204541506. References: N/A 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20601
CVE-2022-20602 Product: Android. Versions: Android kernel. Android ID: A-211081867. References: N/A 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20602
CVE-2022-20605 In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-231722405. References: N/A 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20605
CVE-2022-42524 In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243401445. References: N/A 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42524
CVE-2022-42527 In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-244448906. References: N/A 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42527
CVE-2022-46137 AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46137
CVE-2022-4130 A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-4130
CVE-2022-46109 Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46109
CVE-2022-4565 A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-4565
CVE-2022-2966 Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. This issue affects DOPSoft: All Versions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2966
CVE-2022-3166 Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to the webserver and closing it abruptly, which would cause a denial-of-service condition for the web server application on the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3166
CVE-2022-3157 A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3157
CVE-2022-23488 BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23488
CVE-2022-47515 An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-47515
CVE-2022-47516 An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-47516
CVE-2022-47517 An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-47517
CVE-2021-4247 A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4247
CVE-2021-4249 A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4249
CVE-2016-20018 Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-20018
CVE-2022-32749 Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32749
CVE-2022-4061 The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-4061
CVE-2022-4106 The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-4106
CVE-2022-43883 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43883
CVE-2022-45041 SQL Injection exists in xinhu < 2.5.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-45041
CVE-2022-3752 An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3752
CVE-2022-46399 The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46399
CVE-2022-45665 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-45665
CVE-2022-45666 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-45666
CVE-2022-46530 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46530
CVE-2022-46531 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46531
CVE-2022-46532 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46532
CVE-2022-46533 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeed parameter at /goform/SetClientState. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46533
CVE-2022-46534 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46534
CVE-2022-46535 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46535
CVE-2022-46536 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46536
CVE-2022-46537 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security parameter at /goform/WifiBasicSet. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46537
CVE-2022-46539 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security_5g parameter at /goform/WifiBasicSet. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46539
CVE-2022-46540 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46540
CVE-2022-46541 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46541
CVE-2022-46542 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46542
CVE-2022-46543 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mitInterface parameter at /goform/addressNat. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46543
CVE-2022-46544 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46544
CVE-2022-46545 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46545
CVE-2022-46546 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46546
CVE-2022-46547 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46547
CVE-2022-46548 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46548
CVE-2022-46549 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46549
CVE-2022-46550 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46550
CVE-2022-46551 Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46551
CVE-2022-38391 IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38391
CVE-2022-41596 The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41596
CVE-2022-41599 The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41599
CVE-2022-46310 The TelephonyProvider module has a vulnerability in obtaining values. Successful exploitation of this vulnerability may affect data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46310
CVE-2022-46311 The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46311
CVE-2022-46312 The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes device applications to be cleared unexpectedly. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46312
CVE-2022-46314 The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46314
CVE-2022-46315 The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46315
CVE-2022-46317 The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46317
CVE-2022-46321 The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46321
CVE-2022-46322 Some smartphones have an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46322
CVE-2022-46328 Some smartphones have an input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46328
CVE-2022-22184 An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22184
CVE-2022-46908 SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-46908
CVE-2019-15692 TigerVNC versions prior to 1.10.1 are vulnerable to heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-15692
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-37967
CVE-2022-42845 The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges. 7.2