Inergency
An online hub for emergency and natural disaster solutions

Vulnerability Summary for the Week of September 26, 2022


acer — altos_t110_f3 There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in the UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir. 2022-09-23 7.8 CVE-2022-30426
MISC advantech — iview An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. 2022-09-27 7.5 CVE-2022-3323
apache — pinot In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. In order to avoid this, we disabled the Groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 2022-09-23 9.8 CVE-2022-26112
CONFIRM apple — ipad_os An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. 2022-09-23 7.1 CVE-2020-36521
MISC apple — iphone_os A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. 2022-09-23 7.8 CVE-2022-32814
MISC apple — iphone_os A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. 2022-09-23 8.8 CVE-2022-26700
MISC apple — iphone_os A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-09-23 8.8 CVE-2022-22624
MISC apple — macos An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges. 2022-09-23 7.8 CVE-2022-32842
MISC apple — macos A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. 2022-09-23 7.8 CVE-2022-32796
MISC apple — macos An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. 2022-09-23 7.8 CVE-2022-32826
MISC apple — macos An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges. 2022-09-23 7.8 CVE-2022-32798
MISC apple — macos A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. 2022-09-23 7.8 CVE-2022-32819
MISC apple — macos This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges. 2022-09-23 7.8 CVE-2022-32801
MISC apple — macos This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. 2022-09-23 7.8 CVE-2022-32829
MISC apple — macos The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. 2022-09-23 7.8 CVE-2022-32815
MISC apple — macos This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox. 2022-09-23 10 CVE-2022-32845
MISC apple — macos This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. 2022-09-23 7.5 CVE-2022-32790
MISC apple — macos An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-09-23 8.8 CVE-2022-32792
MISC apple — macos An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. 2022-09-23 7.8 CVE-2022-32820
MISC apple — macos A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. 2022-09-23 7.8 CVE-2022-32821
MISC apple — macos An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. 2022-09-23 7.1 CVE-2022-32852
MISC apple — macos An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. 2022-09-23 7.1 CVE-2022-32851
MISC apple — macos An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. 2022-09-23 7.1 CVE-2022-32831
MISC apple — macos An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory. 2022-09-23 7.1 CVE-2022-32843
MISC apple — macos A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-09-23 8.8 CVE-2022-22629
MISC apple — macos An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-09-23 8.8 CVE-2022-32787
MISC apple — macos This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. 2022-09-23 7.1 CVE-2022-32797
MISC apple — macos This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory. 2022-09-23 9.1 CVE-2022-32847
MISC apple — macos This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files. 2022-09-23 7.1 CVE-2022-32807
MISC apple — macos An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. 2022-09-23 7.1 CVE-2022-32853
MISC apple — swiftnio NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and “inject” those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there’s no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace. 2022-09-28 7.5 CVE-2022-3215
MISC apple — tvos A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution. 2022-09-23 8.8 CVE-2022-22610
MISC apple — tvos A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. 2022-09-23 8.8 CVE-2022-22637
MISC apple — tvos A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-09-23 8.8 CVE-2022-22628
MISC arvados — arvados Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. Workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP. 2022-09-23 8.8 CVE-2022-39238
CONFIRM b2evolution — b2evolution An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well. 2022-09-28 9.1 CVE-2022-30935
MISC centreon — centreon Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. 2022-09-26 8.8 CVE-2022-40043
MISC checkpoint — zonealarm Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM. 2022-09-27 8.8 CVE-2022-41604
cloudbase — open_vswitch ovs versions v0.90.0 through v2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead to access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. 2022-09-28 8.8 CVE-2022-32166
cloudwego — hertz Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function. 2022-09-28 7.5 CVE-2022-40082
MISC dell — smartfabric_os10 Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. 2022-09-28 7.5 CVE-2022-34424
denx — u-boot There exists an unchecked length field in U-Boot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer. 2022-09-23 7.1 CVE-2022-2347
MISC dompdf — dompdf registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. 2022-09-25 7.5 CVE-2022-41343
MISC ec-cube — product_image_bulk_upload EC-CUBE plugin ‘Product Image Bulk Upload Plugin’ 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system. 2022-09-27 9.8 CVE-2022-37346
MISC exam_reviewer_management — exam_reviewer_management In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). 2022-09-27 8.8 CVE-2022-40878
MISC exam_reviewer_management — exam_reviewer_management Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. 2022-09-27 9.8 CVE-2022-40877
MISC eyesofnetwork — eyesofnetwork An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. 2022-09-27 9.8 CVE-2022-41571
MISC eyesofnetwork — eyesofnetwork An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. 2022-09-27 9.8 CVE-2022-41570
MISC ffmpeg — ffmpeg A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 2022-09-23 7.8 CVE-2022-2566
MISC flatpress — flatpress Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. 2022-09-29 7.2 CVE-2022-40048
MISC food_ordering_management_system — food_ordering_management_system A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583. 2022-09-28 9.8 CVE-2022-3332
MISC gavazziautomation — cpy_car_park_server In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands. 2022-09-28 9.8 CVE-2022-28811
CONFIRM gavazziautomation — cpy_car_park_server In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device. 2022-09-28 9.8 CVE-2022-28812
CONFIRM gavazziautomation — cpy_car_park_server In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. 2022-09-28 9.8 CVE-2022-22522
CONFIRM gavazziautomation — cpy_car_park_server In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API. 2022-09-28 9.8 CVE-2022-22526
gavazziautomation — cpy_car_park_server In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services. 2022-09-28 9.4 CVE-2022-22524
CONFIRM gavazziautomation — cpy_car_park_server An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled. 2022-09-28 7.5 CVE-2022-22523
CONFIRM gavazziautomation — cpy_car_park_server Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. 2022-09-28 9.8 CVE-2022-28814
gavazziautomation — cpy_car_park_server In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function. 2022-09-28 7.2 CVE-2022-22525
CONFIRM google — chrome Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3045
FEDORA google — chrome Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3195
FEDORA google — chrome Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3199
FEDORA google — chrome Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3049
FEDORA google — chrome Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. 2022-09-26 8.8 CVE-2022-3051
FEDORA google — chrome Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3043
FEDORA google — chrome Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3042
FEDORA google — chrome Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3046
FEDORA google — chrome Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2022-09-26 8.8 CVE-2022-3197
FEDORA google — chrome Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3040
FEDORA google — chrome Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3055
FEDORA google — chrome Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2022-09-26 8.8 CVE-2022-3196
FEDORA google — chrome Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. 2022-09-26 8.8 CVE-2022-3052
FEDORA google — chrome Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. 2022-09-26 8.8 CVE-2022-3058
FEDORA google — chrome Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. 2022-09-26 8.8 CVE-2022-3050
FEDORA google — chrome Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-2998
MISC google — chrome Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3200
FEDORA google — chrome Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-2852
FEDORA google — chrome Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2022-09-26 8.8 CVE-2022-3198
FEDORA google — chrome Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-2853
FEDORA google — chrome Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3039
FEDORA google — chrome Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2022-09-26 9.6 CVE-2022-3075
FEDORA google — chrome Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. 2022-09-26 8.8 CVE-2022-2859
FEDORA google — chrome Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-29 7.5 CVE-2019-5797
MISC google — chrome Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3038
FEDORA google — chrome Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-3041
FEDORA google — chrome Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-2854
FEDORA google — chrome Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-2855
FEDORA google — chrome Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-09-26 8.8 CVE-2022-2857
FEDORA google — chrome Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. 2022-09-26 8.8 CVE-2022-3071
FEDORA google — chrome Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. 2022-09-26 8.8 CVE-2022-2858
grandstream — gds3710 An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack, since it doesn’t check the param length before using the strcopy instruction. The exploitation of this vulnerability may lead an attacker to execute a shell with full access. 2022-09-23 9.8 CVE-2022-2025
CONFIRM grandstream — gds3710 In Grandstream GSD3710 in its 1.0.11.13 version, it’s possible to overflow the stack since it doesn’t check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default. 2022-09-23 9.8 CVE-2022-2070
CONFIRM graphicsmagick — graphicsmagick In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. 2022-09-28 7.8 CVE-2022-1270
GENTOO hapijs — hoek hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. 2022-09-23 8.1 CVE-2020-36604
MISC ibm — sterling_partner_engagement_manager IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017. 2022-09-23 7.1 CVE-2022-34348
XF ibm — websphere_mq IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager. 2022-09-29 7.5 CVE-2012-2201
XF ikus-soft — rdiffweb Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. 2022-09-23 9.8 CVE-2022-3269
MISC ikus-soft — rdiffweb Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. 2022-09-26 7.5 CVE-2022-3290
MISC ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. 2022-09-26 7.5 CVE-2022-3295
MISC ikus-soft — rdiffweb Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. 2022-09-26 7.5 CVE-2022-3272
CONFIRM ikus-soft — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. 2022-09-26 7.5 CVE-2022-3298
MISC insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI. 2022-09-23 8.2 CVE-2022-36338
MISC insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. 2022-09-28 8.2 CVE-2022-36448
MISC
MISC
MISC insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 2022-09-23 8.2 CVE-2022-35893
MISC
MISC
MISC jflyfox — jfinal_cms JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. 2022-09-27 8.8 CVE-2022-37209
MISC
MISC joblib — joblib The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement. 2022-09-26 9.8 CVE-2022-21797
CONFIRM
CONFIRM
CONFIRM
CONFIRM kovidgoyal — kitty In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. 2022-09-23 7.8 CVE-2022-41322
MISC
MISC
MISC
MISC
GENTOO
FEDORA
FEDORA labstack — echo Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). 2022-09-28 9.6 CVE-2022-40083
MISC lcnet — smart_evision Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service. 2022-09-28 8.8 CVE-2022-39032
MISC lcnet — smart_evision smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information. 2022-09-28 7.5 CVE-2022-39030
MISC lcnet — smart_evision Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. 2022-09-28 9.8 CVE-2022-39033
MISC linux — linux off-by-one in io_uring module. 2022-09-26 7.8 CVE-2022-3103
MISC linuxfoundation — besu Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than the transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution. 2022-09-24 9.1 CVE-2022-36025
CONFIRM linuxfoundation — fabric A vulnerability in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack. 2022-09-23 7.5 CVE-2022-35253
MISC
MISC
MISC mailcow — mailcow mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server. 2022-09-27 8.2 CVE-2022-39258
MISC
CONFIRM makedeb — mist Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user’s system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. 2022-09-26 7.8 CVE-2022-39245
CONFIRM
MISC
MISC matrix — javascript_sdk Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust their homeservers do not need a workaround. 2022-09-28 7.5 CVE-2022-39249
MISC
CONFIRM
MISC
MISC
MISC matrix — javascript_sdk Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. 2022-09-28 7.5 CVE-2022-39251
MISC
MISC
MISC
CONFIRM matrix — software_development_kit Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. 2022-09-28 7.5 CVE-2022-39257
MISC
CONFIRM
MISC
MISC matrix — software_development_kit Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one’s new logins using emoji/QR verification methods until patched. 2022-09-28 7.5 CVE-2022-39255
MISC
CONFIRM
MISC
MISC matrix — software_development_kit matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. 2022-09-28 7.5 CVE-2022-39248
MISC
MISC
CONFIRM
MISC measuresoft — scadapro_server The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. 2022-09-23 7.8 CVE-2022-3263
CONFIRM metersphere — metersphere An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands. 2022-09-29 9.8 CVE-2021-45790
MISC metersphere — metersphere Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the “orders” parameter. 2022-09-29 8.8 CVE-2021-45788
MISC mipcm — mipc_camera Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app. 2022-09-26 8.8 CVE-2022-40785
MISC mipcm — mipc_camera Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406. 2022-09-26 8.8 CVE-2022-40784
MISC mz-automation — libiec61850 MZ Automation’s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. 2022-09-23 9.8 CVE-2022-2972
MISC mz-automation — libiec61850 MZ Automation’s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. 2022-09-23 7.5 CVE-2022-2971
MISC mz-automation — libiec61850 MZ Automation’s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. 2022-09-23 9.8 CVE-2022-2970
MISC mz-automation — libiec61850 MZ Automation’s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations, which could allow an attacker to crash the server. 2022-09-23 7.5 CVE-2022-2973
MISC nepxion — discovery Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds. 2022-09-24 9.8 CVE-2022-23463
MISC nepxion — discovery Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds. 2022-09-24 7.5 CVE-2022-23464
MISC next-auth — nextauth `@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checked for the identifier when verifying the token in the email callback flow. An attacker who knows about the victim’s email could easily sign in as the victim, given the attacker also knows about the verification token’s expired duration. The vulnerability is patched in v3.0.2. A workaround is available. Using Advanced Initialization, developers can check the requests and compare the query’s token and identifier before proceeding. 2022-09-28 8.1 CVE-2022-39263
CONFIRM
MISC nic — knot_resolver Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. 2022-09-23 7.5 CVE-2022-40188
CONFIRM
FEDORA
FEDORA
FEDORA nlnetlabs — unbound A vulnerability named ‘Non-Responsive Delegation Attack’ (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records. 2022-09-26 7.5 CVE-2022-3204
CONFIRM
FEDORA notepad-plus-plus — notepad-plus-plus Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. 2022-09-28 7.8 CVE-2022-32168
CONFIRM
MISC nuprocess — nuprocess NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM’s Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java’s ProcessBuilder isn’t vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. Version 2.0.5 contains a patch. As a workaround, users of the library can sanitize command strings to remove NUL characters prior to passing them to NuProcess for execution. 2022-09-26 9.8 CVE-2022-39243
MISC
CONFIRM
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. 2022-09-23 9.8 CVE-2022-40118
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. 2022-09-23 9.8 CVE-2022-40115
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. 2022-09-23 9.8 CVE-2022-40116
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. 2022-09-23 9.8 CVE-2022-40120
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. 2022-09-23 9.8 CVE-2022-40114
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. 2022-09-23 9.8 CVE-2022-40119
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. 2022-09-23 9.8 CVE-2022-40117
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. 2022-09-23 9.8 CVE-2022-40121
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. 2022-09-23 9.8 CVE-2022-40122
MISC
MISC online_banking_system — online_banking_system Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. 2022-09-23 9.8 CVE-2022-40113
MISC
MISC online_leave_management_system — online_leave_management_system Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. 2022-09-26 7.2 CVE-2022-40928
MISC online_leave_management_system — online_leave_management_system Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. 2022-09-26 7.2 CVE-2022-40927
MISC online_leave_management_system — online_leave_management_system Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. 2022-09-26 7.2 CVE-2022-40926
MISC online_market_place_site — online_market_place_site Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. 2022-09-26 9.8 CVE-2022-30004
MISC
MISC online_tours_travels_management_system — online_tours_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. 2022-09-26 7.2 CVE-2022-40097
MISC online_tours_travels_management_system — online_tours_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. 2022-09-26 7.2 CVE-2022-40099
MISC online_tours_travels_management_system — online_tours_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. 2022-09-27 7.2 CVE-2022-40354
MISC online_tours_travels_management_system — online_tours_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. 2022-09-27 7.2 CVE-2022-40353
MISC online_tours_travels_management_system — online_tours_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. 2022-09-26 7.2 CVE-2022-40098
MISC online_tours_travels_management_system — online_tours_travels_management_system Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. 2022-09-27 7.2 CVE-2022-40352
MISC open5gs — open5gs A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability. 2022-09-28 7.5 CVE-2022-3354
MISC
MISC orckestra — c1_cms Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds. 2022-09-27 8 CVE-2022-39256
MISC
MISC
CONFIRM pbc — pbc An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137. 2022-09-23 7.5 CVE-2022-38936
MISC python-jwt — python-jwt python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user’s identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds. 2022-09-23 9.1 CVE-2022-39227
MISC
CONFIRM
MISC qualcomm — apq8009 Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-26 7.8 CVE-2022-22058
CONFIRM realtek — rtl8195am On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task can be locked when there are frequent and continuous Wi-Fi connection failures for the Soft AP mode. 2022-09-27 7.5 CVE-2022-34326
MISC
MISC redis — redis Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. 2022-09-23 9.8 CVE-2022-35951
CONFIRM
FEDORA
GENTOO resumes_management_and_job_application_website_application — resumes_management_and_job_application_website_application SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. 2022-09-27 9.8 CVE-2021-41433
MISC
MISC rocket.chat — rocket.chat An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication to be bypassed when telling the server to use CAS during login. 2022-09-23 8.8 CVE-2022-35248
MISC rocket.chat — rocket.chat A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. 2022-09-23 8.8 CVE-2022-32211
MISC rockwellautomation — thinmanager Rockwell Automation ThinManager ThinServer versions 11.0.0 – 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. 2022-09-23 9.8 CVE-2022-38742
MISC samsung — tizenrt An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). 2022-09-29 7.5 CVE-2022-40279
MISC
MISC
MISC samsung — tizenrt An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. 2022-09-29 7.5 CVE-2022-40278
MISC
MISC
MISC
MISC scala-lang — scala Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. 2022-09-23 9.8 CVE-2022-36944
MISC
MISC secp256k1-js_project — secp256k1-js The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. 2022-09-24 7.5 CVE-2022-41340
MISC
MISC
MISC
MISC sophos — firewall A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. 2022-09-23 9.8 CVE-2022-3236
CONFIRM strapi — strapi Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. 2022-09-27 8.8 CVE-2022-31367
MISC
MISC
MISC symfony — twig Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates’ directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. 2022-09-28 7.5 CVE-2022-39261
MISC
CONFIRM
CONFIRM tacitine — en6200-prime_quad-35 This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform session fixation on the targeted device. 2022-09-23 9.8 CVE-2022-40630
MISC
MISC tacitine — en6200-prime_quad-35 This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device. 2022-09-23 9.8 CVE-2022-40628
MISC
MISC tacitine — en6200-prime_quad-35 This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device. 2022-09-23 7.5 CVE-2022-40629
MISC
MISC tenda — ac18 Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/ 2022-09-23 7.2 CVE-2022-40861
MISC tenda — ac18 Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set 2022-09-23 9.8 CVE-2022-40854
MISC tenda — i9 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-09-23 7.5 CVE-2022-40106
MISC tenda — i9 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-09-23 7.5 CVE-2022-40107
MISC tenda — i9 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-09-23 7.5 CVE-2022-40105
MISC tenda — i9 Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. 2022-09-23 9.8 CVE-2022-40100
MISC tenda — i9 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-09-23 7.5 CVE-2022-40102
MISC tenda — i9 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-09-23 7.5 CVE-2022-40101
MISC tenda — i9 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 2022-09-23 7.5 CVE-2022-40104
MISC tenda — tx3 Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. 2022-09-28 9.8 CVE-2022-40942
MISC tenda — w20e Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ 2022-09-23 9.8 CVE-2022-40866
MISC tenda — w20e Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ 2022-09-23 9.8 CVE-2022-40867
MISC tenda — w20e Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ 2022-09-23 9.8 CVE-2022-40868
MISC tenda — w20e Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request ‘goform/setPortMapping/’. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. 2022-09-23 9.8 CVE-2022-40855
MISC toaruos — toaruos readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. 2022-09-27 7.8 CVE-2022-38932
MISC tp-link — archer_ax10_v1 TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. 2022-09-28 8.8 CVE-2022-40486
MISC trendmicro — deep_security A link following vulnerability in Trend Micro Deep Security 20 and Cloud One – Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-09-28 7.8 CVE-2022-40710
N/A trudesk_project — trudesk The trudesk application allows a large number of characters to be inserted in the “Full Name” input field at signup, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository polonel/trudesk prior to 1.2.2. 2022-09-29 7.5 CVE-2022-1718
MISC ui — desktop A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. 2022-09-23 7.8 CVE-2022-35257
MISC vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0614. 2022-09-29 7.8 CVE-2022-3352
MISC vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0579. 2022-09-25 7.8 CVE-2022-3297
CONFIRM vim — vim Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. 2022-09-25 7.8 CVE-2022-3296
CONFIRM vim — vim Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. 2022-09-27 7.8 CVE-2022-3324
MISC wayland — wayland An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. 2022-09-23 9.8 CVE-2021-3782
MISC wazuh — wazuh Wazuh v3.6.1 – v3.13.5, v4.0.0 – v4.2.7, and v4.3.0 – v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. 2022-09-28 8.8 CVE-2022-40497
MISC wedding_planner — wedding_planner Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. 2022-09-26 9.8 CVE-2022-40483
MISC wedding_planner — wedding_planner Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. 2022-09-26 9.8 CVE-2022-40485
MISC wedding_planner — wedding_planner Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. 2022-09-26 7.2 CVE-2022-40403
MISC wedding_planner — wedding_planner Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. 2022-09-26 9.8 CVE-2022-40484
MISC wedding_planner — wedding_planner Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. 2022-09-26 8.8 CVE-2022-40402
MISC wedding_planner — wedding_planner Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. 2022-09-26 8.8 CVE-2022-40404
MISC wordpress — wordpress The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file 2022-09-26 8.8 CVE-2021-24890
CONFIRM wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. 2022-09-23 8.8 CVE-2022-38085
CONFIRM wordpress — wordpress Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. 2022-09-23 8.8 CVE-2022-38134
CONFIRM wordpress — wordpress The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. 2022-09-26 7.2 CVE-2022-2352
MISC wordpress — wordpress The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 2022-09-26 7.2 CVE-2022-2903
MISC wordpress — wordpress The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticate users, therefore bypassing the current authentication. 2022-09-26 7.5 CVE-2022-2987
MISC wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Backup Scheduler plugin <= 1.5.13 at WordPress. 2022-09-23 8.8 CVE-2022-38079
CONFIRM wordpress — wordpress The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting any extension via the plugin’s settings, which could be used by admins of a multisite blog to upload PHP files, for example. 2022-09-26 7.2 CVE-2022-3076
MISC wordpress — wordpress Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress 2022-09-23 7.5 CVE-2022-40194
CONFIRM wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. 2022-09-23 8.8 CVE-2022-38454
CONFIRM wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. 2022-09-23 8.8 CVE-2022-38470
CONFIRM wordpress — wordpress The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then be authenticated as admin if they know the correct email address. 2022-09-26 7.5 CVE-2022-3119
MISC xpdfreader — xpdf There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. 2022-09-29 7.8 CVE-2022-38222
MISC xuxueli — xxl-job XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. 2022-09-28 9.8 CVE-2022-40929
MISC zfile — zfile ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. 2022-09-26 9.8 CVE-2022-40050
MISC zimbra — collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. 2022-09-26 7.8 CVE-2022-41347
MISC zimbra — collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio. 2022-09-26 9.8 CVE-2022-41352
MISC zoo_management_system — zoo_management_system Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the “save_event” file of the “Events” module in the background management system. 2022-09-26 7.2 CVE-2022-40925
MISC zoo_management_system — zoo_management_system Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the “save_animal” file of the “Animals” module in the background management system. 2022-09-26 7.2 CVE-2022-40924
MISC zte — zxa10_b76hv3 There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. 2022-09-23 9.1 CVE-2022-23144
MISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. 2022-09-29 9.8 CVE-2020-15331
MISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. 2022-09-29 7.5 CVE-2020-15340
MISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. 2022-09-29 7.5 CVE-2020-15341
MISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. 2022-09-29 9.8 CVE-2020-15347
MISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. 2022-09-29 9.8 CVE-2020-15332
MISC zyxel — cloudcnm_secumanager Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. 2022-09-29 7.5 CVE-2020-15327