activerecord_project — activerecord A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. 2022-12-05 9.8 CVE-2022-32224
MISC
MISC algan — prens_student_information_system Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. 2022-12-02 9.8 CVE-2022-2807
CONFIRM algan — prens_student_information_system Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability. 2022-12-02 8.8 CVE-2022-2808
CONFIRM amentotech — workreap The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it’s possible to read any user’s notification (employer or freelancer) as the notification ID is brute-forceable. 2022-12-05 7.5 CVE-2022-3846
MISC ami — megarac_sp-x MegaRAC Default Credentials Vulnerability 2022-12-05 9.8 CVE-2022-40242
MISC ami — megarac_sp-x AMI MegaRAC Redfish Arbitrary Code Execution 2022-12-05 9.8 CVE-2022-40259
MISC ami — megarac_sp-x AMI MegaRAC User Enumeration Vulnerability 2022-12-05 7.5 CVE-2022-2827
MISC apache — camel The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4. 2022-12-05 9.8 CVE-2022-45046
CONFIRM
MLIST apache — tapestry ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry. 2022-12-02 9.8 CVE-2022-46366
CONFIRM
MLIST
MISC avast — avast A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. 2022-12-06 8.8 CVE-2022-4173
MISC ayacms_project — ayacms AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). 2022-12-07 9.8 CVE-2022-45550
MISC
MISC ayacms_project — ayacms AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. 2022-12-06 8.8 CVE-2022-45548
MISC background_management_system_project — background_management_system A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4277
N/A
N/A beappsmobile — pc_keyboard_wifi&bluetooth PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45479
MISC cacti — cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with a `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a production instance because this action is added by some predefined templates like `Device – Uptime` or `Device – Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_…` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch. 2022-12-05 9.8 CVE-2022-46169
MISC
MISC
MISC
MISC casbin — casdoor Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. 2022-12-07 8.1 CVE-2022-44942
MISC clastix — capsule Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available. 2022-12-02 8.8 CVE-2022-46167
MISC
MISC
MISC
MISC clerk — clerk.io The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. 2022-12-05 7.5 CVE-2022-3907
MISC concretecms — concrete_cms ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder “3”. 2022-12-05 7.5 CVE-2022-46464
MISC craftcms — craft_cms All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash without encoding it whereas the corresponding HTML hidden field discloses the users’ password hash in a masked manner, which can be decoded by using public functions of the YII framework. 2022-12-05 7.5 CVE-2022-37783
MISC cybozu — cybozu_remote_service Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. 2022-12-07 7.5 CVE-2022-44608
MISC
MISC d-link — dhp-w310av_firmware D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. 2022-12-02 9.8 CVE-2022-44930
MISC d-link — dvg-g5402sp_firmware D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. 2022-12-02 9.8 CVE-2022-44928
MISC d-link — dvg-g5402sp_firmware An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. 2022-12-02 9.8 CVE-2022-44929
MISC dottech — smart_campus_system A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability. 2022-12-03 7.5 CVE-2022-4280
N/A
N/A duxcms_project — duxcms A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116. 2022-12-08 8 CVE-2020-36610
MISC
MISC elbtide — advanced_booking_calendar Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. 2022-12-05 9.8 CVE-2022-45822
MISC f5 — big-iq_centralized_management In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-12-07 8.8 CVE-2022-41622
MISC facepay_project — facepay A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. 2022-12-05 8.8 CVE-2022-4281
N/A force1rc — discovery_wifi_u818a_hd+_fpv_firmware Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368 2022-12-06 9.8 CVE-2022-40918
MISC
MISC fortinet — fortiadc An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. 2022-12-06 8.8 CVE-2022-33875
MISC fortinet — fortideceptor An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. 2022-12-06 7.5 CVE-2022-30305
MISC fortinet — fortiproxy An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. 2022-12-06 9.8 CVE-2022-35843
MISC franklinfueling — colibri_firmware Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like [system.conf] and [passwd]; this occurs because of the insecure usage of the “fopen” system function with the mode “wb”, which allows overwriting a file if it exists. Overwriting files such as passwd allows an attacker to escalate his privileges by planting a backdoor user with root privilege or changing the root password. 2022-12-05 9.8 CVE-2022-44039
MISC fsi — fs040u_firmware Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user’s unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. 2022-12-05 7.3 CVE-2022-43470
MISC
MISC
MISC
MISC
MISC galaxyproject — galaxy Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy’s internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability. 2022-12-06 7.5 CVE-2022-23470
MISC
MISC ge — cimplicity GE CIMPLICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2002
MISC ge — cimplicity GE CIMPLICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2948
MISC ge — cimplicity GE CIMPLICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. 2022-12-07 7.8 CVE-2022-2952
MISC ge — cimplicity GE CIMPLICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. 2022-12-08 7.8 CVE-2022-3084
MISC ge — cimplicity GE CIMPLICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. 2022-12-08 7.8 CVE-2022-3092
MISC gitpython_project — gitpython All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. 2022-12-06 9.8 CVE-2022-24439
CONFIRM
CONFIRM goauthentik — authentik authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow` flow with the contents `return request.user.is_authenticated`. 2022-12-02 9.8 CVE-2022-46145
MISC
MISC
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39090
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39091
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39092
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39093
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39094
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39095
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39096
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39097
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39098
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39099
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39100
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39101
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-39102
MISC google — android In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42776
MISC google — android In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42777
MISC google — android In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. 2022-12-06 7.8 CVE-2022-42778
MISC google — chrome Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2022-12-02 8.8 CVE-2022-4262
MISC
MISC google — tensorflow TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. 2022-12-06 9.1 CVE-2022-41902
MISC
MISC
CONFIRM google — tensorflow TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. 2022-12-06 9.1 CVE-2022-41910
MISC
CONFIRM
MISC gpac — gpac GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. 2022-12-06 7.8 CVE-2022-45283
MISC hasura — graphql_engine Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.) 2022-12-08 8.8 CVE-2022-46792
MISC
MISC
MISC haxx — curl When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. 2022-12-05 9.8 CVE-2022-32221
MISC hope-boot_project — hope-boot hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). 2022-12-07 9.8 CVE-2022-44371
MISC hornerautomation — rcc972_firmware Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. 2022-12-02 9.8 CVE-2022-2641
MISC hornerautomation — rcc972_firmware The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). 2022-12-02 7.5 CVE-2022-2640
MISC hornerautomation — rcc972_firmware Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device. 2022-12-02 7.5 CVE-2022-2642
MISC house_rental_system_project — house_rental_system A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4274
N/A
N/A house_rental_system_project — house_rental_system A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. 2022-12-03 9.8 CVE-2022-4275
N/A
N/A house_rental_system_project — house_rental_system A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. 2022-12-03 9.8 CVE-2022-4276
N/A
N/A human_resource_management_system_project — human_resource_management_system A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability. 2022-12-03 9.8 CVE-2022-4273
MISC
MISC human_resource_management_system_project — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. 2022-12-03 7.2 CVE-2022-4278
N/A
N/A ibm — content_navigator IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. 2022-12-07 8.8 CVE-2022-43581
MISC
MISC ibm — spectrum_scale_container_native_storage_access IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. 2022-12-06 7.8 CVE-2022-43867
MISC
MISC ibm — sterling_secure_proxy IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522. 2022-12-06 7.5 CVE-2022-34361
MISC
MISC ilias — ilias ILIAS before 7.16 allows OS Command Injection. 2022-12-07 8.8 CVE-2022-45915
MISC
FULLDISC
MISC inksplat — comic_book_management_system The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 2022-12-05 7.2 CVE-2022-3856
MISC
MISC ivanti — endpoint_manager A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. 2022-12-05 9.8 CVE-2022-27773
MISC ivanti — endpoint_manager XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. 2022-12-05 7.8 CVE-2022-35259
MISC joinmastodon — mastodon Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. 2022-12-04 7.5 CVE-2022-46405
MISC
MISC jrecms — springbootcms A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability. 2022-12-05 7.2 CVE-2022-4282
MISC
MISC kodcloud — kodexplorer Kodexplorer is a Chinese-language web-based file manager and browser-based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. 2022-12-06 7.5 CVE-2022-46154
MISC
MISC kujirahand — nadesiko3 OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. 2022-12-05 9.8 CVE-2022-41642
MISC
MISC
MISC lazy_mouse_project — lazy_mouse Lazy Mouse server enforces weak password requirements and doesn’t implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-02 9.8 CVE-2022-45482
MISC lzmouse — lazy_mouse The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45481
MISC maku — maku-boot A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. 2022-12-07 7.2 CVE-2022-4322
N/A
N/A
N/A markdown_preview_enhanced_project — markdown_preview_enhanced Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. 2022-12-07 9.8 CVE-2022-45025
MISC markdown_preview_enhanced_project — markdown_preview_enhanced An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. 2022-12-07 9.8 CVE-2022-45026
MISC mikrotik — routeros Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. 2022-12-05 9.8 CVE-2022-45313
MISC mikrotik — routeros Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. 2022-12-05 9.8 CVE-2022-45315
MISC mobatek — mobaxterm When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used. 2022-12-06 9.1 CVE-2022-38337
MISC mobatek — mobaxterm An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. 2022-12-06 8.1 CVE-2022-38336
MISC moxa — uc-8580-t-lx_firmware Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. 2022-12-02 7.6 CVE-2022-3086
MISC nadesiko3_project — nadesiko3 OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. 2022-12-05 9.8 CVE-2022-42496
MISC nadesiko3_project — nadesiko3 Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. 2022-12-05 7.5 CVE-2022-41777
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain a buffer overflow in the xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23468
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain a buffer overflow in the audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23477
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain an out-of-bounds write in the xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23478
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain a buffer overflow in the xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23479
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain a buffer overflow in the devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23480
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain an integer overflow in the xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.8 CVE-2022-23484
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain an out-of-bounds read in the xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23481
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain an out-of-bounds read in the xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23482
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain an out-of-bounds read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23483
MISC neutrinolabs — xrdp xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain an out-of-bounds read in the xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. 2022-12-09 9.1 CVE-2022-23493
MISC nodebb — nodebb NodeBB is an open source Node.js based forum software. Because a plain object with a prototype is used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit. 2022-12-05 9.8 CVE-2022-46164
MISC nodejs — node.js The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. 2022-12-05 9.8 CVE-2022-35256
MISC nodejs — node.js A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value; it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned by EntropySource() may not be cryptographically strong and therefore not suitable as keying material. 2022-12-05 9.1 CVE-2022-35255
MISC nodejs — node.js An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. 2022-12-05 8.1 CVE-2022-43548
MISC nokogiri — nokogiri Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. 2022-12-08 7.5 CVE-2022-23476
MISC nttdata — terasoluna_server_framework_for_java_(rich) TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. 2022-12-05 7.8 CVE-2022-43484
MISC offis — dcmtk DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. 2022-12-02 7.5 CVE-2022-43272
MISC omron — cx-programmer Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43508
MISC omron — cx-programmer Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43509
MISC omron — cx-programmer Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. 2022-12-07 7.8 CVE-2022-43667
MISC online_leave_management_system_project — online_leave_management_system Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-12-07 7.2 CVE-2022-45009
MISC paddlepaddle — paddlepaddle Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. 2022-12-07 9.8 CVE-2022-46742
MISC paddlepaddle — paddlepaddle Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. 2022-12-07 9.1 CVE-2022-46741
MISC passeo_project — passeo Passeo is an open source Python password generator. Versions prior to 1.0.5 rely on the Python `random` library for random value selection. The Python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result, a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-12-06 7.5 CVE-2022-23472
MISC pdfmake_project — pdfmake pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input. 2022-12-06 9.8 CVE-2022-46161
MISC postmagthemes — postmagthemes_demo_import The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE. 2022-12-05 7.2 CVE-2022-1540
MISC premio — chaty The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. 2022-12-05 7.2 CVE-2022-3858
MISC proofpoint — enterprise_protection The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. 2022-12-06 9.6 CVE-2022-46332
MISC proofpoint — enterprise_protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. 2022-12-06 7.2 CVE-2022-46333
MISC protocol — libp2p libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/. 2022-12-07 7.5 CVE-2022-23486
MISC protocol — libp2p js-libp2p is the official JavaScript implementation of the libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability. 2022-12-07 7.5 CVE-2022-23487
MISC protocol — libp2p go-libp2p is the official libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (DoS) mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks. 2022-12-08 7.5 CVE-2022-23492
MISC proxmox — proxmox_mail_gateway Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3. 2022-12-04 9.8 CVE-2022-35508
MISC proxmox — proxmox_mail_gateway A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim’s browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3. 2022-12-04 7.1 CVE-2022-35507
MISC pulsesecure — pulse_connect_secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. 2022-12-05 7.5 CVE-2022-35254
MISC pulsesecure — pulse_connect_secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. 2022-12-05 7.5 CVE-2022-35258
MISC pwndoc_project — pwndoc An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. 2022-12-05 8.8 CVE-2022-45771
MISC py7zr_project — py7zr A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. 2022-12-06 9.1 CVE-2022-44900
MISC quarkus — quarkus Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request. 2022-12-06 9.8 CVE-2022-4147
MISC rack_project — rack A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack. 2022-12-05 10 CVE-2022-30123
MISC rack_project — rack A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. 2022-12-05 7.5 CVE-2022-30122
MISC rackn — digital_rebar RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. 2022-12-06 9.8 CVE-2022-46383
MISC rackn — digital_rebar RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. 2022-12-06 8.8 CVE-2022-46382
MISC redmine — redmine Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user. 2022-12-06 7.5 CVE-2022-44030
MISC rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. 2022-12-02 9.8 CVE-2022-44945
MISC rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2022-12-05 8.8 CVE-2022-45020
MISC samsung — exynos_firmware Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. 2022-12-08 7.5 CVE-2022-39902
MISC sangoma — asterisk In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. 2022-12-05 7.5 CVE-2022-37325
MISC sanitization_management_system_project — sanitization_management_system Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. 2022-12-07 7.2 CVE-2022-44393
MISC seagate — stcg2000300_firmware The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the “start” state and sending a check_device_name request. 2022-12-06 9.8 CVE-2020-6627
MISC secomea — gatemanager Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. 2022-12-06 7.2 CVE-2022-38123
MISC simple-git_project — simple-git The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via the clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). 2022-12-06 9.8 CVE-2022-25912
CONFIRM simple_phone_book/directory_web_app_project — simple_phone_book/directory_web_app Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. 2022-12-07 9.8 CVE-2022-45010
MISC skycaiji — skycaiji Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. 2022-12-07 9.8 CVE-2022-44351
MISC slims — senayan_library_management_system SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. 2022-12-05 7.5 CVE-2022-45019
MISC stackstorm — stackstorm Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn’t check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information. 2022-12-06 7.5 CVE-2022-44009
MISC swiftterm_project — swiftterm SwiftTerm is an Xterm/VT100 terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available. 2022-12-02 7.8 CVE-2022-23465
MISC syncee — syncee_-_global_dropshipping The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator’s account. 2022-12-05 7.5 CVE-2022-3694
MISC telepad-app — telepad Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2022-12-05 9.8 CVE-2022-45477
MISC telos — omnia_mpx_node_firmware Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings using a low-privilege backdoor account. This can lead to changes to hardware settings and execution of arbitrary commands in vulnerable system functions that require high privilege to access. 2022-12-02 8.8 CVE-2022-45562
MISC telosalliance — omnia_mpx_node_firmware An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* – 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. 2022-12-02 9.8 CVE-2022-43325
MISC tenda — a18_firmware Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. 2022-12-08 7.5 CVE-2022-44931
MISC tenda — a18_firmware An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. 2022-12-08 7.5 CVE-2022-44932
MISC tenda — ac6_firmware Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. 2022-12-02 7.5 CVE-2022-45641
MISC tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. 2022-12-02 9.8 CVE-2022-44362
MISC tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. 2022-12-02 9.8 CVE-2022-44363
MISC tenda — i21_firmware Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. 2022-12-02 9.8 CVE-2022-44365
MISC tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. 2022-12-02 9.8 CVE-2022-44366
MISC tenda — i21_firmware Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. 2022-12-02 9.8 CVE-2022-44367
MISC tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. 2022-12-02 7.5 CVE-2022-45663
MISC tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. 2022-12-02 7.5 CVE-2022-45664
MISC tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. 2022-12-02 7.5 CVE-2022-45669
MISC tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. 2022-12-02 7.5 CVE-2022-45670
MISC tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. 2022-12-02 7.5 CVE-2022-45671
MISC tenda — i22_firmware Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. 2022-12-02 7.5 CVE-2022-45672
MISC tenda — w30e_firmware Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. 2022-12-08 9.8 CVE-2022-45506
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. 2022-12-08 7.5 CVE-2022-45505
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. 2022-12-08 7.5 CVE-2022-45507
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. 2022-12-08 7.5 CVE-2022-45508
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. 2022-12-08 7.5 CVE-2022-45509
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. 2022-12-08 7.5 CVE-2022-45510
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. 2022-12-08 7.5 CVE-2022-45511
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. 2022-12-08 7.5 CVE-2022-45512
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. 2022-12-08 7.5 CVE-2022-45513
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. 2022-12-08 7.5 CVE-2022-45514
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. 2022-12-08 7.5 CVE-2022-45515
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. 2022-12-08 7.5 CVE-2022-45516
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. 2022-12-08 7.5 CVE-2022-45517
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. 2022-12-08 7.5 CVE-2022-45518
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. 2022-12-08 7.5 CVE-2022-45519
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. 2022-12-08 7.5 CVE-2022-45520
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. 2022-12-08 7.5 CVE-2022-45521
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. 2022-12-08 7.5 CVE-2022-45522
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. 2022-12-08 7.5 CVE-2022-45523
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. 2022-12-08 7.5 CVE-2022-45524
MISC tenda — w30e_firmware Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. 2022-12-08 7.5 CVE-2022-45525
MISC tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. 2022-12-08 9.8 CVE-2022-45497
MISC tenda — w6-s_firmware An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. 2022-12-08 7.5 CVE-2022-45498
MISC tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. 2022-12-08 7.5 CVE-2022-45499
MISC tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. 2022-12-08 7.5 CVE-2022-45501
MISC tenda — w6-s_firmware Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. 2022-12-08 7.5 CVE-2022-45503
MISC tenda — w6-s_firmware An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. 2022-12-08 7.5 CVE-2022-45504
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. 2022-12-02 7.5 CVE-2022-45643
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45644
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. 2022-12-02 7.5 CVE-2022-45645
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45646
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. 2022-12-02 7.5 CVE-2022-45647
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. 2022-12-02 7.5 CVE-2022-45648
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. 2022-12-02 7.5 CVE-2022-45649
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. 2022-12-02 7.5 CVE-2022-45650
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. 2022-12-02 7.5 CVE-2022-45651
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. 2022-12-02 7.5 CVE-2022-45652
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. 2022-12-02 7.5 CVE-2022-45653
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. 2022-12-02 7.5 CVE-2022-45654
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. 2022-12-02 7.5 CVE-2022-45655
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. 2022-12-02 7.5 CVE-2022-45656
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. 2022-12-02 7.5 CVE-2022-45657
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. 2022-12-02 7.5 CVE-2022-45658
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. 2022-12-02 7.5 CVE-2022-45659
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. 2022-12-02 7.5 CVE-2022-45660
MISC tendacn — ac6_firmware Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. 2022-12-02 7.5 CVE-2022-45661
MISC thinkphp — thinkphp ThinkPHP 5.1.41 and 5.0.24 have a code logic error that leads to getshell via file upload. 2022-12-06 8.8 CVE-2022-44289
MISC tibco — nimbus The Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: version 10.5.0. 2022-12-06 9.3 CVE-2022-41559
CONFIRM ui — edgemax_edgerouter_firmware A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later. 2022-12-05 8.8 CVE-2022-43553
MISC unimo — udr-ja1604_firmware Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-43464
MISC
MISC unimo — udr-ja1604_firmware OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-44606
MISC
MISC unimo — udr-ja1604_firmware Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. 2022-12-07 8.8 CVE-2022-44620
MISC
MISC veeam — veeam_backup_for_google_cloud Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. 2022-12-05 9.8 CVE-2022-43549
MISC veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. 2022-12-04 9.8 CVE-2022-46414
MISC veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. 2022-12-04 8.8 CVE-2022-46410
MISC veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. 2022-12-04 8.8 CVE-2022-46411
MISC veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands. 2022-12-04 8.8 CVE-2022-46412
MISC veritas — netbackup_flex_scale_appliance An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. 2022-12-04 8.8 CVE-2022-46413
MISC videolan — vlc_media_player An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. 2022-12-06 7.8 CVE-2022-41325
MISC
MISC
MISC
DEBIAN vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. 2022-12-03 9.8 CVE-2022-3491
CONFIRM
MISC vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. 2022-12-02 9.8 CVE-2022-3520
MISC
CONFIRM vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0789. 2022-12-02 7.8 CVE-2022-3591
MISC
CONFIRM vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0882. 2022-12-05 7.8 CVE-2022-4292
CONFIRM
MISC warehouse_management_system_project — warehouse_management_system A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. 2022-12-03 9.8 CVE-2022-4272
MISC
MISC webtareas_project — webtareas webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. 2022-12-02 9.8 CVE-2022-44290
MISC
MISC webtareas_project — webtareas webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. 2022-12-02 9.8 CVE-2022-44291
MISC
MISC wordpress_popular_posts_project — wordpress_popular_posts External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. 2022-12-07 7.5 CVE-2022-43468
MISC
MISC
MISC wp-ecommerce — easy_wp_smtp Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. 2022-12-06 8.8 CVE-2022-42699
MISC wp-ecommerce — easy_wp_smtp Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. 2022-12-06 8.1 CVE-2022-45829
MISC wp_csv_exporter_project — wp_csv_exporter The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks. 2022-12-05 7.2 CVE-2022-3249
MISC xjd2020 — fastcms A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. 2022-12-06 8.8 CVE-2022-4300
N/A
N/A
MISC yithemes — yith_woocommerce_gift_cards Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. 2022-12-06 9.8 CVE-2022-45359
MISC zabbix — frontend Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using an IP address not listed in the defined range. 2022-12-05 9.8 CVE-2022-43515
MISC zabbix — zabbix A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI). 2022-12-05 9.8 CVE-2022-43516
MISC zimbra — collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution. 2022-12-05 7.2 CVE-2022-45912
MISC zkteco — zktime A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. 2022-12-06 7.5 CVE-2021-39434
MISC